IETF Logo Mail Archive

Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?

Matthew Kerwin <matthew@kerwin.net.au> Tue, 14 February 2017 21:18 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A6BA12989C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Feb 2017 13:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.401
X-Spam-Level:
X-Spam-Status: No, score=-6.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eww1Ho-xNOSq for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Feb 2017 13:18:13 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F64B12945E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 14 Feb 2017 13:18:13 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cdkSd-0000sC-PL for ietf-http-wg-dist@listhub.w3.org; Tue, 14 Feb 2017 21:16:31 +0000
Resent-Date: Tue, 14 Feb 2017 21:16:31 +0000
Resent-Message-Id: <E1cdkSd-0000sC-PL@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <phluid61@gmail.com>) id 1cdkSY-0000mv-IH for ietf-http-wg@listhub.w3.org; Tue, 14 Feb 2017 21:16:26 +0000
Received: from mail-it0-f53.google.com ([209.85.214.53]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <phluid61@gmail.com>) id 1cdkSQ-0000bO-8H for ietf-http-wg@w3.org; Tue, 14 Feb 2017 21:16:21 +0000
Received: by mail-it0-f53.google.com with SMTP id 203so51110817ith.0 for <ietf-http-wg@w3.org>; Tue, 14 Feb 2017 13:15:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Gwjrk5QVPuylVXCY/V5Z57/K4CoUE3JVwh8UXMshUq4=; b=sV924i0RO0zSYEgqP7ywm7dCEWB6oBloTRWfgI/FrG96qQsL1UHmqY8V1Q3FBYu2IG bn50z9d9fNG1PxRrzo9/dKmtUsrHPNbG9oh9Y6+3nhZgbKM26qC2sjRPNVIH6mzPavF6 vUqoIbKmwr/1tm4LO2buLdYtcpTt1dgy2GusgxLf4pMwOhjoIzEaFf2NcZqv+HUkZ8uX 5mqAQnaAQludvxPkHkHq3eP1fFYT3HSuE9JILSwjBNdNyF9b/OlV8lgihn9/epner0BT YCm/vuswfr9DVF4ZmPy5qU/7m0aCZheW3dUTHQ9V4L48VfNhHmPZ2+oUBLjjZQq4N56s TtYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Gwjrk5QVPuylVXCY/V5Z57/K4CoUE3JVwh8UXMshUq4=; b=rHjxptu65UE/wKpg7NxyJ9dm5mncB2sS3XeijlUT65/KOb3bgzc2s4rQtxX7VyVESR RpCNKSg67zf8CeHJwMCXSuRTm87FTArS4nby87FBGkG2MrQKSyI8P9I/ZOHPAWQZ4SeW ofrBqSv3vbDCoo0d68QeQFN5ctcvfLhbG1a+BppMhr9YQXqrfDXC9SFlLNA8l/PbVggJ MYeKp2mhKG9t2rZ3B0jY9u1PadfdwFjVphcbXRcxVV6zmhH/y0GB8GenavfABKKaBviJ N+j76NrRMVlztlKOZ+qRyEiTE3FVsvzHUX+OsitqdecF5daQpohPJ/e/wzLe0o9h3JyW A1vA==
X-Gm-Message-State: AMke39nnkTmZoKMyYx8RwthyCnOzskFGZoIR/aUyPj8eif9UZWiFTtHaT3HCUW5Wc0SFHIH3AwvuFC1xQjnC6A==
X-Received: by 10.36.236.2 with SMTP id g2mr5450241ith.18.1487106952544; Tue, 14 Feb 2017 13:15:52 -0800 (PST)
MIME-Version: 1.0
Sender: phluid61@gmail.com
Received: by 10.107.154.145 with HTTP; Tue, 14 Feb 2017 13:15:52 -0800 (PST)
Received: by 10.107.154.145 with HTTP; Tue, 14 Feb 2017 13:15:52 -0800 (PST)
In-Reply-To: <emdcb96fc0-0d2f-436c-9f1f-05beffe7593e@bodybag>
References: <emdcb96fc0-0d2f-436c-9f1f-05beffe7593e@bodybag>
From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Wed, 15 Feb 2017 07:15:52 +1000
X-Google-Sender-Auth: Tue7mW_cIR6GKR0sLBtPHypDC9I
Message-ID: <CACweHNAmVua1Do+g6HzDM==CB3RMrd6_wH1Dz7RoszrW0rZD8Q@mail.gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="94eb2c1165eaa652ac054884119b"
Received-SPF: pass client-ip=209.85.214.53; envelope-from=phluid61@gmail.com; helo=mail-it0-f53.google.com
X-W3C-Hub-Spam-Status: No, score=-4.8
X-W3C-Hub-Spam-Report: AWL=-1.102, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.2, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1cdkSQ-0000bO-8H 78861dca798475380b625ba65ba81d8c
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?
Archived-At: <http://www.w3.org/mid/CACweHNAmVua1Do+g6HzDM==CB3RMrd6_wH1Dz7RoszrW0rZD8Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33494
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 15 Feb 2017 06:54, "Adrien de Croy" <adrien@qbik.com> wrote:


The language in RFC 7230 section 3.3.2 is extremely non-commital about
whether Content-Length needs to be correct or not.

I'm currently having a dispute about this with someone who quoted these
sections at me as being proof that you can use any value for C-L regardless
of the body length.

I think it could be a lot more forcefully written

Or is the person correct and we don't need to have C-L match the body
length?

In this particular case the discussion is around request messages.

Adrien


"For messages that do include a payload body, the Content-Length
field-value provides the framing information necessary for determining
where the body (and message) ends."


That seems pretty significant to me. Especially when you consider how
pipelining works. Then in the next section:


"If a valid Content-Length header field is present without
Transfer-Encoding, its decimal value defines the expected message
body length in octets.  If the sender closes the connection or
the recipient times out before the indicated number of octets are
received, the recipient MUST consider the message to be
incomplete and close the connection."


That, along with everything else in 3.3.2 & 3.3.3, and 3.4 makes me
wonder how anyone could find ambiguity there. If C-L is present, it
has to be correct.


Cheers (and sorry if gmail messes up the formatting)

v2.23.0 | Report a Bug | By Email