[usefor] Trailing whitespace in header fields

Julien ÉLIE <julien@trigofacile.com> Sun, 07 August 2016 20:05 UTC

Return-Path: <julien@trigofacile.com>
X-Original-To: usefor@ietfa.amsl.com
Delivered-To: usefor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0124112D196 for <usefor@ietfa.amsl.com>; Sun, 7 Aug 2016 13:05:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.002
X-Spam-Level:
X-Spam-Status: No, score=-0.002 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Zwcq5ee3Lfv for <usefor@ietfa.amsl.com>; Sun, 7 Aug 2016 13:05:15 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp06.smtpout.orange.fr [80.12.242.128]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3813A12D09B for <usefor@ietf.org>; Sun, 7 Aug 2016 13:05:14 -0700 (PDT)
Received: from macbook-pro-de-julien-elie.home ([92.170.5.52]) by mwinf5d11 with ME id UL5B1t00E17Lgi403L5CKH; Sun, 07 Aug 2016 22:05:12 +0200
X-ME-Helo: macbook-pro-de-julien-elie.home
X-ME-Auth: anVsaWVuLmVsaWU0ODdAd2FuYWRvby5mcg==
X-ME-Date: Sun, 07 Aug 2016 22:05:12 +0200
X-ME-IP: 92.170.5.52
X-Mozilla-News-Host: snews://news.individual.net:563
From: =?UTF-8?Q?Julien_=c3=89LIE?= <julien@trigofacile.com>
Organization: TrigoFACILE -- http://www.trigofacile.com/
To: usefor@ietf.org
Message-ID: <e4e43176-dd01-ee08-b8ec-8e11294fa00c@trigofacile.com>
Date: Sun, 7 Aug 2016 22:05:11 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/usefor/sCYLUzVNAB0dGkjud-LXjqM1hlA>
Subject: [usefor] Trailing whitespace in header fields
X-BeenThere: usefor@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of usefor issues." <usefor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/usefor>, <mailto:usefor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/usefor/>
List-Post: <mailto:usefor@ietf.org>
List-Help: <mailto:usefor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/usefor>, <mailto:usefor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Aug 2016 20:05:18 -0000

Hi,

I am currently looking at the checks an injecting server is supposed to 
perform regarding the syntax of header fields.

I am a bit confused by Appendix A.1 of RFC 3977, that gives rules for 
the format of Netnews articles:

A.1.  Header Folding

    Both email and Netnews articles are required to have at least one
    octet other than space or TAB on each header line.  Thus, folding can
    only happen at one point in each sequence of consecutive spaces or
    TABs.  Netnews articles are further required to have the header name,
    colon, and following space all on the first line; folding may only
    happen beyond that space.  Finally, some non-conforming software will
    remove trailing spaces and TABs from a line.  Therefore, it might be
    inadvisable to fold a header after a space or TAB.

    For maximum safety, header lines SHOULD conform to the following
    syntax rather than to that in Section 9.7.

      header = header-name ":" SP [header-content] CRLF
      header-content = [WS] token *( [CRLF] WS token )


The ABNF syntax, as well as the introductory text in Appendix A.1:
a/ allows a space as the only contents of a header field body;
b/ allows header field bodies with only a space in their first line;
c/ disallows trailing whitespace.

This syntax is given as a SHOULD.



If we have a look at Section 2.2 of RFC 5536, we have:

    o  All agents MUST generate header fields so that at least one space
       immediately follows the ':' separating the header field name and
       the header field body (for compatibility with deployed software,
       including NNTP [RFC3977] servers).  News agents MAY accept header
       fields that do not contain the required space.

    o  Every line of a header field body (including the first and any
       that are subsequently folded) MUST contain at least one non-
       whitespace character.

          NOTE: This means that no header field body defined by or
          referenced by this document can be empty.  As a result, rather
          than using the <unstructured> syntax from Section 3.2.5 of
          [RFC5322], this document uses a stricter definition:

    unstructured    =  *WSP VCHAR *( [FWS] VCHAR ) *WSP



So, mixed together, it means that a/ and b/ are finally disallowed, 
which is fine (the MUST of RFC 5536 is stronger that the SHOULD of RFC 
3977).
But c/ is still disallowed as a SHOULD.

It means that trailing whitespace SHOULD NOT be present in Netnews 
header field lines.  (RFC 3977 uses a stricter definition of 
"unstructured" than RFC 5536!)

Is it really a rule to enforce for Netnews articles?  And does someone 
know why this is not mentioned at all in RFC 5536?

-- 
Julien ÉLIE

« Life is short… so eat dessert first! »