Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?
Matthew Kerwin <matthew@kerwin.net.au> Tue, 14 February 2017 21:18 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A6BA12989C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Feb 2017 13:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.401
X-Spam-Level:
X-Spam-Status: No, score=-6.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eww1Ho-xNOSq for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Feb 2017 13:18:13 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F64B12945E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 14 Feb 2017 13:18:13 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cdkSd-0000sC-PL for ietf-http-wg-dist@listhub.w3.org; Tue, 14 Feb 2017 21:16:31 +0000
Resent-Date: Tue, 14 Feb 2017 21:16:31 +0000
Resent-Message-Id: <E1cdkSd-0000sC-PL@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <phluid61@gmail.com>) id 1cdkSY-0000mv-IH for ietf-http-wg@listhub.w3.org; Tue, 14 Feb 2017 21:16:26 +0000
Received: from mail-it0-f53.google.com ([209.85.214.53]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <phluid61@gmail.com>) id 1cdkSQ-0000bO-8H for ietf-http-wg@w3.org; Tue, 14 Feb 2017 21:16:21 +0000
Received: by mail-it0-f53.google.com with SMTP id 203so51110817ith.0 for <ietf-http-wg@w3.org>; Tue, 14 Feb 2017 13:15:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Gwjrk5QVPuylVXCY/V5Z57/K4CoUE3JVwh8UXMshUq4=; b=sV924i0RO0zSYEgqP7ywm7dCEWB6oBloTRWfgI/FrG96qQsL1UHmqY8V1Q3FBYu2IG bn50z9d9fNG1PxRrzo9/dKmtUsrHPNbG9oh9Y6+3nhZgbKM26qC2sjRPNVIH6mzPavF6 vUqoIbKmwr/1tm4LO2buLdYtcpTt1dgy2GusgxLf4pMwOhjoIzEaFf2NcZqv+HUkZ8uX 5mqAQnaAQludvxPkHkHq3eP1fFYT3HSuE9JILSwjBNdNyF9b/OlV8lgihn9/epner0BT YCm/vuswfr9DVF4ZmPy5qU/7m0aCZheW3dUTHQ9V4L48VfNhHmPZ2+oUBLjjZQq4N56s TtYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Gwjrk5QVPuylVXCY/V5Z57/K4CoUE3JVwh8UXMshUq4=; b=rHjxptu65UE/wKpg7NxyJ9dm5mncB2sS3XeijlUT65/KOb3bgzc2s4rQtxX7VyVESR RpCNKSg67zf8CeHJwMCXSuRTm87FTArS4nby87FBGkG2MrQKSyI8P9I/ZOHPAWQZ4SeW ofrBqSv3vbDCoo0d68QeQFN5ctcvfLhbG1a+BppMhr9YQXqrfDXC9SFlLNA8l/PbVggJ MYeKp2mhKG9t2rZ3B0jY9u1PadfdwFjVphcbXRcxVV6zmhH/y0GB8GenavfABKKaBviJ N+j76NrRMVlztlKOZ+qRyEiTE3FVsvzHUX+OsitqdecF5daQpohPJ/e/wzLe0o9h3JyW A1vA==
X-Gm-Message-State: AMke39nnkTmZoKMyYx8RwthyCnOzskFGZoIR/aUyPj8eif9UZWiFTtHaT3HCUW5Wc0SFHIH3AwvuFC1xQjnC6A==
X-Received: by 10.36.236.2 with SMTP id g2mr5450241ith.18.1487106952544; Tue, 14 Feb 2017 13:15:52 -0800 (PST)
MIME-Version: 1.0
Sender: phluid61@gmail.com
Received: by 10.107.154.145 with HTTP; Tue, 14 Feb 2017 13:15:52 -0800 (PST)
Received: by 10.107.154.145 with HTTP; Tue, 14 Feb 2017 13:15:52 -0800 (PST)
In-Reply-To: <emdcb96fc0-0d2f-436c-9f1f-05beffe7593e@bodybag>
References: <emdcb96fc0-0d2f-436c-9f1f-05beffe7593e@bodybag>
From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Wed, 15 Feb 2017 07:15:52 +1000
X-Google-Sender-Auth: Tue7mW_cIR6GKR0sLBtPHypDC9I
Message-ID: <CACweHNAmVua1Do+g6HzDM==CB3RMrd6_wH1Dz7RoszrW0rZD8Q@mail.gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="94eb2c1165eaa652ac054884119b"
Received-SPF: pass client-ip=209.85.214.53; envelope-from=phluid61@gmail.com; helo=mail-it0-f53.google.com
X-W3C-Hub-Spam-Status: No, score=-4.8
X-W3C-Hub-Spam-Report: AWL=-1.102, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.2, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1cdkSQ-0000bO-8H 78861dca798475380b625ba65ba81d8c
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?
Archived-At: <http://www.w3.org/mid/CACweHNAmVua1Do+g6HzDM==CB3RMrd6_wH1Dz7RoszrW0rZD8Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33494
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 15 Feb 2017 06:54, "Adrien de Croy" <adrien@qbik.com> wrote: The language in RFC 7230 section 3.3.2 is extremely non-commital about whether Content-Length needs to be correct or not. I'm currently having a dispute about this with someone who quoted these sections at me as being proof that you can use any value for C-L regardless of the body length. I think it could be a lot more forcefully written Or is the person correct and we don't need to have C-L match the body length? In this particular case the discussion is around request messages. Adrien "For messages that do include a payload body, the Content-Length field-value provides the framing information necessary for determining where the body (and message) ends." That seems pretty significant to me. Especially when you consider how pipelining works. Then in the next section: "If a valid Content-Length header field is present without Transfer-Encoding, its decimal value defines the expected message body length in octets. If the sender closes the connection or the recipient times out before the indicated number of octets are received, the recipient MUST consider the message to be incomplete and close the connection." That, along with everything else in 3.3.2 & 3.3.3, and 3.4 makes me wonder how anyone could find ambiguity there. If C-L is present, it has to be correct. Cheers (and sorry if gmail messes up the formatting)
- Sections 3.3.2 and 3.3.3 allow bogus Content-Leng… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Loïc Hoguin
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Poul-Henning Kamp
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- RE: Sections 3.3.2 and 3.3.3 allow bogus Content-… Mike Bishop
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Matthew Kerwin
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jason T. Greene
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jacob Champion
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Poul-Henning Kamp
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Daniel Stenberg
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Willy Tarreau
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jacob Champion
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Jacob Champion
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Matthew Kerwin
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Adrien de Croy
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Alex Rousskov
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Mark Nottingham
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Willy Tarreau
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Poul-Henning Kamp
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Cory Benfield
- Re: Sections 3.3.2 and 3.3.3 allow bogus Content-… Patrick McManus