Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c

Fri, 14 Oct 2016 14:17:12 -0700 

On Fri, Oct 14, 2016 at 3:48 PM, <wr...@apache.org> wrote:

> Author: wrowe
> Date: Fri Oct 14 20:48:43 2016
> New Revision: 1764961
>
> URL: http://svn.apache.org/viewvc?rev=1764961&view=rev
> Log:
> [...]
> Apply HttpProtocolOptions Strict to chunk header parsing, invalid
> whitespace is invalid, line termination must follow CRLF convention.
>
> [...]



> static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
> [...]



> -        else if (c == ' ' || c == '\t') {
> +        else if (!strict && (c == ' ' || c == '\t')) {
>              /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3).
>               */
>              ctx->state = BODY_CHUNK_CR;
>

I'm not sure where this myth came from...

https://tools.ietf.org/html/rfc7230#section-4.1

has *NO* provision for BWS in the chunk size.

Reply via email to