On Fri, Oct 14, 2016 at 3:48 PM, <wr...@apache.org> wrote: > Author: wrowe > Date: Fri Oct 14 20:48:43 2016 > New Revision: 1764961 > > URL: http://svn.apache.org/viewvc?rev=1764961&view=rev > Log: > [...] > Apply HttpProtocolOptions Strict to chunk header parsing, invalid > whitespace is invalid, line termination must follow CRLF convention. > > [...]
> static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer, > [...] > - else if (c == ' ' || c == '\t') { > + else if (!strict && (c == ' ' || c == '\t')) { > /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). > */ > ctx->state = BODY_CHUNK_CR; > I'm not sure where this myth came from... https://tools.ietf.org/html/rfc7230#section-4.1 has *NO* provision for BWS in the chunk size.