On May 14, 2013, at 8:58 AM, Graham Leggett wrote: > Hi all, > > I am currently getting to the bottom of a test case that checks httpd's > response to an abnormally large chunk extension from a reverse proxy server. > What httpd does now is trigger an error, causing both the upstream and > downstream connections to be terminated and truncated. Is this the correct > way to respond to this?
Is there any other way to handle it? How long are we talking about? I certainly wouldn't try to process more than a single input buffer. > http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-22#section-4.1 > says this: > > "All recipients MUST be able to receive and decode the chunked transfer > coding and MUST ignore chunk-ext extensions they do not understand." > > Does the above "they do not understand" requirement include the requirement > to ignore chunk-ext extensions that are too long? (For some arbitrary > definition of long) Probably, but we can fix the requirement if you think it might be a security issue (or just a bit too silly). Note that sending chunk-ext has been deprecated. ....Roy
