On Tue, May 28, 2002 at 08:00:16AM -0700, Justin Erenkrantz wrote:
> On Tue, May 28, 2002 at 10:18:52AM -0400, Jeff Trawick wrote:
> > okay, do try it, but (unlike somebody last night) don't try it on daedalus
> > 
> > GET / HTTP/1.1
> > Accept: */*
> > Host: test
> > Content-Type: application/x-www-form-urlencoded
> > Transfer-Encoding: chunked
> > 
> > AAAAAAAAAAAAAAAAAAA
> 
> Hmm.  Isn't that legal?  A is a hex digit.

RFC2616:
       Chunked-Body   = *chunk
                        last-chunk
                        trailer
                        CRLF

       chunk          = chunk-size [ chunk-extension ] CRLF
                        chunk-data CRLF
       chunk-size     = 1*HEX
       last-chunk     = 1*("0") [ chunk-extension ] CRLF

So, strictly speaking, it is "legal". The trailing chunk could have been
 0000000000000000000000000000000000000000000000000000000000000 CRLF
and still be legal.

But IMO we need to have a way to parse the hex string and detect an
integer overflow at the same time. If an overflow occurs, then
a 4XX message is appropriate (400 Bad Request  rather than
413 Request Entity Too Large)

Then, as a second step (if the number parsed all right, even if it
was incredibly long, as in this chunk of 33 bytes:
 000000000000000000000000000000000000000000000000000000021 CRLF
) we can try and verify whether we accept the size. For that, we
have an upper limit defined by "LimitRequestBody bytes".
Anything beyond that cannot possibly be accepted.

   Martin
-- 
<[EMAIL PROTECTED]>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
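
Added example, not part of the original message and not Apache httpd code: a sketch in C of the two steps proposed above, parsing the hex chunk-size with overflow detection (400) and only then checking the value against a limit (413). The names parse_chunk_size, chunk_status and body_limit are hypothetical; body_limit is an assumed stand-in for the configured LimitRequestBody value.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not httpd identifiers). */
enum chunk_status { CHUNK_OK = 0, CHUNK_BAD_REQUEST = 400, CHUNK_TOO_LARGE = 413 };

/* Value of one HEX character, or -1 if it is not a hex digit. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Step 1: parse chunk-size (1*HEX) and detect overflow while parsing -> 400.
 * Step 2: compare the parsed value with body_limit (assumed stand-in for
 * the configured LimitRequestBody value) -> 413. */
enum chunk_status parse_chunk_size(const char *line, size_t len,
                                   uint64_t body_limit, uint64_t *size_out)
{
    uint64_t size = 0;
    size_t i;
    for (i = 0; i < len && hex_value(line[i]) >= 0; i++) {
        if (size > (UINT64_MAX >> 4))   /* next shift would drop set bits */
            return CHUNK_BAD_REQUEST;
        size = (size << 4) | (uint64_t)hex_value(line[i]);
    }
    if (i == 0)                         /* 1*HEX needs at least one digit */
        return CHUNK_BAD_REQUEST;
    if (i < len && line[i] != ';' && line[i] != '\r')
        return CHUNK_BAD_REQUEST;       /* only chunk-extension or CRLF may follow */
    if (size > body_limit)
        return CHUNK_TOO_LARGE;
    *size_out = size;
    return CHUNK_OK;
}

int main(void)
{
    /* Constructed input modelled on the request quoted in the message. */
    const char big[] = "AAAAAAAAAAAAAAAAAAA\r\n";
    uint64_t n = 0;
    printf("%d\n", parse_chunk_size(big, sizeof big - 1, 1024, &n));
    return 0;
}
```

Leading zeros never trip the overflow check because it tests the accumulated value, not the number of digits.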
