Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?

"Adrien de Croy" <adrien@qbik.com> Tue, 14 February 2017 23:37 UTC

From: Adrien de Croy <adrien@qbik.com>
To: Jacob Champion <champion.p@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Date: Tue, 14 Feb 2017 23:34:30 +0000

A receiver cannot.

A sender can, however (e.g. get file size, string length, whatever).

A receiver therefore depends on the sender sending the correct value.


This is presuming the sender knows the length. If the sender doesn't
know the length it should not (MUST) set the Content-Length header, but
instead use chunking.


------ Original Message ------
From: "Jacob Champion" <champion.p@gmail.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 15/02/2017 12:24:48 PM
Subject: Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?

>On 02/14/2017 03:18 PM, Adrien de Croy wrote:
>>The only true size of a body is what you obtain by counting its bytes.
>
>Can you explain how you would count the bytes in a message body if you 
>don't know where that body ends?
>
>--Jacob
>
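
An added example, not part of the original message or of any implementation discussed on the list: a minimal receiver-side framer that shows the dependence on the sender's declared length, next to chunked framing for a sender that does not know it. The names `read_body`, `frame` and `IncompleteBody`, the lowercase header dict and the sample payload are constructed for illustration.

```python
import io

HEX = set("0123456789abcdefABCDEF")

class IncompleteBody(Exception):
    """The stream ended before the declared framing was satisfied."""

def read_body(stream, headers):
    """Read one message body using only what the sender declared."""
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = b""
        while True:
            line = stream.readline()
            if not line.endswith(b"\r\n"):
                raise IncompleteBody("missing chunk-size line")
            size_text = line[:-2].split(b";")[0].decode("ascii")
            if not size_text or not set(size_text) <= HEX:
                raise ValueError("invalid chunk size")
            size = int(size_text, 16)
            if size == 0:
                # Skip any trailer fields up to the terminating blank line.
                while (trailer := stream.readline()) != b"\r\n":
                    if not trailer:
                        raise IncompleteBody("missing final CRLF")
                return body
            chunk = stream.read(size)
            if len(chunk) != size or stream.read(2) != b"\r\n":
                raise IncompleteBody("truncated chunk")
            body += chunk
    declared = headers["content-length"]
    if not (declared.isascii() and declared.isdigit()):
        raise ValueError("invalid Content-Length")
    body = stream.read(int(declared))
    if len(body) != int(declared):
        raise IncompleteBody("stream ended before Content-Length bytes")
    return body

def frame(raw, headers):
    """Return (body, leftover bytes the receiver would parse next)."""
    stream = io.BytesIO(raw)
    return read_body(stream, headers), stream.read()

if __name__ == "__main__":
    payload = b"hello world"  # constructed sample; true length is 11
    print(frame(payload, {"content-length": "11"}))  # correct declaration
    print(frame(payload, {"content-length": "5"}))   # too short: no error raised
    try:
        frame(payload, {"content-length": "20"})     # too long: seen only at EOF
    except IncompleteBody as exc:
        print("detected:", exc)
    print(frame(b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", {"transfer-encoding": "chunked"}))
```

With a declared length of 5 the framer returns `hello` without error and leaves ` world` in the stream to be parsed as whatever comes next; only the over-long declaration is detectable, and only once the stream ends.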