Re: Request line parsing

2020-03-23 Thread Filip Hanik
+1 Thorough and clear write up On Mon, Mar 23, 2020 at 06:01 Mark Thomas wrote: > Hi, > > I am currently looking at the request line parsing. I'll try and set out > each issue in turn. > > End of line parsing > === > > Prior to the recent changes

Re: Request line parsing

2020-03-23 Thread Mark Thomas
On 23/03/2020 17:33, Christopher Schultz wrote: > On 3/23/20 11:35, Mark Thomas wrote: > Sounds good. I entirely missed your actual proposal, which was below > your signature and after your references: Sorry about that. I was editing and re-organising and got distracted. Mark

Re: Request line parsing

2020-03-23 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/23/20 11:35, Mark Thomas wrote: > On 23/03/2020 14:59, Christopher Schultz wrote: > > > >> My only concern here is that request line + header-processing >> really has to match whatever reverse proxy servers are doing as >> well, and

Re: Request line parsing

2020-03-23 Thread Mark Thomas
On 23/03/2020 13:28, Rémy Maucherat wrote: > On Mon, Mar 23, 2020 at 2:01 PM Mark Thomas > wrote: > With all of the above in mind I propose: > > - Doing nothing! I think Tomcat is striking the right balance here. > > This means: > GET /CRLF   ->

Re: Request line parsing

2020-03-23 Thread Mark Thomas
On 23/03/2020 14:59, Christopher Schultz wrote: > My only concern here is that request line + header-processing really > has to match whatever reverse proxy servers are doing as well, and > that's really not something we can know for sure. I don't think there > is a single safe implementation

Re: Request line parsing

2020-03-23 Thread Michael Osipov
Am 2020-03-23 um 14:01 schrieb Mark Thomas: Hi, I am currently looking at the request line parsing. I'll try and set out each issue in turn. End of line parsing === Prior to the recent changes, Tomcat allowed CRLF or LF to mark the end of a line. The unwanted side effect

Re: Request line parsing

2020-03-23 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/23/20 09:01, Mark Thomas wrote: > Hi, > > I am currently looking at the request line parsing. I'll try and > set out each issue in turn. > > End of line parsing === > > Prior to the recent chan

Re: Request line parsing

2020-03-23 Thread Rémy Maucherat
On Mon, Mar 23, 2020 at 2:01 PM Mark Thomas wrote: > Hi, > > I am currently looking at the request line parsing. I'll try and set out > each issue in turn. > > End of line parsing > === > > Prior to the recent changes, Tomcat allowed CRLF or LF

Request line parsing

2020-03-23 Thread Mark Thomas
Hi, I am currently looking at the request line parsing. I'll try and set out each issue in turn. End of line parsing === Prior to the recent changes, Tomcat allowed CRLF or LF to mark the end of a line. The unwanted side effect was that CR could appear in the header value