Personally, I find this case of 1*hexdig ";" to more closely resemble the new rule of field-name ":" OWS field-value, which introduces a MUST reject for whitespace following request field-name in 7230 3.2.4. But Roy accepts that the implied *LWS rule is appropriate based on the errata request, and I'm fine with accepting that approach. Note we now implement this as; *hexdig [#10 LWS [ ";" *( VCHAR | obs-text | SP | TAB ) ] ].
If there are other opinions please speak up in the coming days. Cheers, Bill On Tue, Oct 18, 2016 at 11:30 AM, <wr...@apache.org> wrote: > Author: wrowe > Date: Tue Oct 18 16:30:43 2016 > New Revision: 1765475 > > URL: http://svn.apache.org/viewvc?rev=1765475&view=rev > Log: > Appears we cannot disallow this whitespace, since the chunk BNF coexisted > with the implied *LWS rule, before RFC7230 eliminated the later. Whether > this is actually OWS or BWS is an editorial decision beyond our pay grade. > > > > Modified: > httpd/httpd/trunk/modules/http/http_filters.c > > Modified: httpd/httpd/trunk/modules/http/http_filters.c > URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ > http/http_filters.c?rev=1765475&r1=1765474&r2=1765475&view=diff > ============================================================ > ================== > --- httpd/httpd/trunk/modules/http/http_filters.c (original) > +++ httpd/httpd/trunk/modules/http/http_filters.c Tue Oct 18 16:30:43 2016 > @@ -179,8 +179,10 @@ static apr_status_t parse_chunk_size(htt > return APR_EINVAL; > } > } > - else if (!strict && (c == ' ' || c == '\t')) { > - /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). > + else if (c == ' ' || c == '\t') { > + /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616, > + * and noted as errata to RFC7230; > + * https://www.rfc-editor.org/errata_search.php?rfc=7230&; > eid=4667 > */ > ctx->state = BODY_CHUNK_CR; > if (++ctx->chunk_bws > 10) { > > >
