Timestamp:
Mar 9, 2011, 1:41:51 PM
Author:
fielding@…
Message:

Explicitly require that recipients fix duplicate received Content-Length
and correctly combine multiple Transfer-Encoding fields prior to
determining the message-body length. Require (MUST instead of SHOULD)
user agents to discard messages with framing errors that might indicate
response smuggling.

Addresses #95

  • draft-ietf-httpbis/latest/p1-messaging.xml

    r1151 r1156  
    13561356<t>
    13571357   The message-body differs from the payload body only when a transfer-coding
    1358    has been applied, as indicated by the Transfer-Encoding header field (<xref target="header.transfer-encoding"/>).  When one or more transfer-codings are
    1359    applied to a payload in order to form the message-body, the
    1360    Transfer-Encoding header field &MUST; contain the list of
    1361    transfer-codings applied. Transfer-Encoding is a property of the message,
    1362    not of the payload, and thus &MAY; be added or removed by any implementation
    1363    along the request/response chain under the constraints found in
    1364    <xref target="transfer.codings"/>.
     1358   has been applied, as indicated by the Transfer-Encoding header field
     1359   (<xref target="header.transfer-encoding"/>).  If more than one
     1360   Transfer-Encoding header field is present in a message, the multiple
     1361   field-values &MUST; be combined into one field-value, according to the
     1362   algorithm defined in <xref target="header.fields"/>, before determining
     1363   the message-body length.
     1364</t>
     1365<t>
     1366   When one or more transfer-codings are applied to a payload in order to
     1367   form the message-body, the Transfer-Encoding header field &MUST; contain
     1368   the list of transfer-codings applied. Transfer-Encoding is a property of
     1369   the message, not of the payload, and thus &MAY; be added or removed by
     1370   any implementation along the request/response chain under the constraints
     1371   found in <xref target="transfer.codings"/>.
     1372</t>
     1373<t>
     1374   If a message is received that has multiple Content-Length header fields
     1375   (<xref target="header.content-length"/>) with field-values consisting
     1376   of the same decimal value, or a single Content-Length header field with
     1377   a field value containing a list of identical decimal values (e.g.,
     1378   "Content-Length: 42, 42"), indicating that duplicate Content-Length
     1379   header fields have been generated or combined by an upstream message
     1380   processor, then the recipient &MUST; replace the duplicated fields or
     1381   field-values with a single valid Content-Length field containing that
     1382   decimal value prior to determining the message-body length.
    13651383</t>
    13661384<t>
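Review bot: at 1374-1382 the example "Content-Length: 42, 42" is not a valid field-value on its own (the item at 1461-1463 treats a Content-Length as a single decimal value), so the paragraph should say explicitly that the recipient is repairing an invalid field rather than interpreting a valid one; also "identical decimal values" leaves open whether the comparison is on the octets or on the parsed number (e.g. "42" versus "042"), and that needs pinning down because the error rule later in this change keys on "differing field-values".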
     
    14001418    </t></x:lt>
    14011419    <x:lt><t>
    1402      If a Transfer-Encoding header field (<xref target="header.transfer-encoding"/>)
    1403      is present and the "chunked" transfer-coding (<xref target="transfer.codings"/>)
     1420     If a Transfer-Encoding header field is present
     1421     and the "chunked" transfer-coding (<xref target="transfer.codings"/>)
    14041422     is the final encoding, the message-body length is determined by reading
    14051423     and decoding the chunked data until the transfer-coding indicates the
     
    14171435    </t>
    14181436    <t>
    1419      If a message is received with both a Transfer-Encoding header field and a
    1420      Content-Length header field, the Transfer-Encoding overrides the Content-Length.
     1437     If a message is received with both a Transfer-Encoding header field
     1438     and a Content-Length header field, the Transfer-Encoding overrides
     1439     the Content-Length.
    14211440     Such a message might indicate an attempt to perform request or response
    14221441     smuggling (bypass of security-related checks on message routing or content)
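Review bot: the rewrap at 1437-1439 is fine, but this paragraph still only says that Transfer-Encoding overrides Content-Length and that the combination "might indicate" smuggling; a recipient that forwards such a message unchanged passes the same ambiguity downstream, so consider stating whether a proxy or gateway MUST remove the Content-Length field (or MUST NOT forward it alongside Transfer-Encoding) before forwarding.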
     
    14271446    <x:lt><t>
    14281447     If a message is received without Transfer-Encoding and with either
    1429      multiple Content-Length header fields or a single Content-Length header
    1430      field with an invalid value, then the message framing is invalid and
    1431      &MUST; be treated as an error to prevent request or response smuggling.
     1448     multiple Content-Length header fields having differing field-values or
     1449     a single Content-Length header field having an invalid value, then the
     1450     message framing is invalid and &MUST; be treated as an error to
     1451     prevent request or response smuggling.
    14321452     If this is a request message, the server &MUST; respond with
    14331453     a 400 (Bad Request) status code and then close the connection.
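Review bot: the clause at 1449 "a single Content-Length header field having an invalid value" as worded still covers "Content-Length: 42, 42", which the new paragraph at 1374-1382 instructs the recipient to repair rather than reject; suggest scoping this item to the state after that replacement has been applied, e.g. "or a single Content-Length header field whose value is still invalid after the replacement described above", so that every multiple-Content-Length case falls under exactly one rule.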
     
    14351455     or gateway &MUST; discard the received response, send a 502 (Bad Gateway)
    14361456     status code as its downstream response, and then close the connection.
    1437      If this is a response message received by a user-agent, it &SHOULD; be
     1457     If this is a response message received by a user-agent, it &MUST; be
    14381458     treated as an error by discarding the message and closing the connection.
    14391459    </t></x:lt>
    14401460    <x:lt><t>
    1441      If a valid Content-Length header field (<xref target="header.content-length"/>)
     1461     If a valid Content-Length header field
    14421462     is present without Transfer-Encoding, its decimal value defines the
    14431463     message-body length in octets.  If the actual number of octets sent in
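Review bot: the SHOULD to MUST change at 1457 brings the user-agent branch in line with the server (1452-1453) and proxy (1455-1456) branches, but it is the only one of the three that says nothing about what the recipient reports onward; suggest adding that the exchange is treated as failed rather than as a completed response, so that an application above the user agent does not act on a discarded message.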