Changeset 2028

Timestamp:

03/12/12 15:45:25 (9 years ago)

Author:

fielding@…

Message:

Expand on message parsing robustness regarding whitespace.
Clarify that whitespace-delimited parsing by recipients is allowed.

Add requirement on recipients of whitespace between start-line and
first header field to be consistent with implementations and safe
from the header spoofing issues.

Reduce ABNF conformance by recipients to a SHOULD.

Addresses #411, #412, and #414.

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.html (modified) (7 diffs)
• p1-messaging.xml (modified) (4 diffs)

draft-ietf-httpbis/latest/p1-messaging.html

@@ -449 +449 @@
   } 
   @bottom-center {
-       content: "Expires June 4, 2013"; 
+       content: "Expires June 6, 2013"; 
   } 
   @bottom-right {
@@ -491 +491 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p1-messaging-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2012-12-01">
+      <meta name="dct.issued" scheme="ISO8601" content="2012-12-03">
       <meta name="dct.replaces" content="urn:ietf:rfc:2145">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
@@ -520 +520 @@
             <tr>
                <td class="left">Intended status: Standards Track</td>
-               <td class="right">December 1, 2012</td>
+               <td class="right">December 3, 2012</td>
             </tr>
             <tr>
-               <td class="left">Expires: June 4, 2013</td>
+               <td class="left">Expires: June 6, 2013</td>
                <td class="right"></td>
             </tr>
@@ -551 +551 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on June 4, 2013.</p>
+      <p>This Internet-Draft will expire on June 6, 2013.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -1140 +1140 @@
          Likewise, the presence of such whitespace in a response might be ignored by some clients or cause others to cease parsing.
       </p>
+      <p id="rfc.section.3.1.p.5">A recipient that receives whitespace between the start-line and the first header field <em class="bcp14">MUST</em> either reject the message as invalid or consume each whitespace-preceded line without further processing of it (i.e., ignore
+         the entire line, along with any subsequent lines preceded by whitespace, until a properly formed header field is received
+         or the header block is terminated).
+      </p>
       <h3 id="rfc.section.3.1.1"><a href="#rfc.section.3.1.1">3.1.1</a>&nbsp;<a id="request.line" href="#request.line">Request Line</a></h3>
       <p id="rfc.section.3.1.1.p.1">A request-line begins with a method token, followed by a single space (SP), the request-target, another single space (SP),
@@ -1158 +1162 @@
       </p>
       <p id="rfc.section.3.1.1.p.8">No whitespace is allowed inside the method, request-target, and protocol version. Hence, recipients typically parse the request-line
-         into its component parts by splitting on the SP characters.
+         into its component parts by splitting on whitespace (see <a href="#message.robustness" title="Message Parsing Robustness">Section&nbsp;3.5</a>).
       </p>
       <p id="rfc.section.3.1.1.p.9">Unfortunately, some user agents fail to properly encode hypertext references that have embedded whitespace, sending the characters
-         directly instead of properly percent-encoding the disallowed characters. Recipients of an invalid request-line <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> error or a <a href="p2-semantics.html#status.301" class="smpl">301 (Moved Permanently)</a> redirect with the request-target properly encoded. Recipients <em class="bcp14">SHOULD NOT</em> attempt to autocorrect and then process the request without a redirect, since the invalid request-line might be deliberately
+         directly instead of properly encoding or excluding the disallowed characters. Recipients of an invalid request-line <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> error or a <a href="p2-semantics.html#status.301" class="smpl">301 (Moved Permanently)</a> redirect with the request-target properly encoded. Recipients <em class="bcp14">SHOULD NOT</em> attempt to autocorrect and then process the request without a redirect, since the invalid request-line might be deliberately
          crafted to bypass security filters along the request chain.
       </p>
@@ -1492 +1496 @@
       </p>
       <p id="rfc.section.3.5.p.2">In the interest of robustness, servers <em class="bcp14">SHOULD</em> ignore at least one empty line received where a request-line is expected. In other words, if the server is reading the protocol
-         stream at the beginning of a message and receives a CRLF first, it <em class="bcp14">SHOULD</em> ignore the CRLF. Likewise, although the line terminator for the start-line and header fields is the sequence CRLF, we recommend
-         that recipients recognize a single LF as a line terminator and ignore any CR.
-      </p>
-      <p id="rfc.section.3.5.p.3">When a server listening only for HTTP request messages, or processing what appears from the start-line to be an HTTP request
+         stream at the beginning of a message and receives a CRLF first, it <em class="bcp14">SHOULD</em> ignore the CRLF.
+      </p>
+      <p id="rfc.section.3.5.p.3">Although the line terminator for the start-line and header fields is the sequence CRLF, recipients <em class="bcp14">MAY</em> recognize a single LF as a line terminator and ignore any preceding CR.
+      </p>
+      <p id="rfc.section.3.5.p.4">Although the request-line and status-line grammar rules require that each of the component elements be separated by a single
+         SP octet, recipients <em class="bcp14">MAY</em> instead parse on whitespace-delimited word boundaries and, aside from the CRLF terminator, treat any form of whitespace as
+         the SP separator while ignoring preceding or trailing whitespace; such whitespace includes one or more of the following octets:
+         SP, HTAB, VT (%x0B), FF (%x0C), or bare CR.
+      </p>
+      <p id="rfc.section.3.5.p.5">When a server listening only for HTTP request messages, or processing what appears from the start-line to be an HTTP request
          message, receives a sequence of octets that does not match the HTTP-message grammar aside from the robustness exceptions listed
-         above, the server <em class="bcp14">MUST</em> respond with an HTTP/1.1 <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> response.
+         above, the server <em class="bcp14">SHOULD</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> response.
       </p>
       <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a id="transfer.codings" href="#transfer.codings">Transfer Codings</a></h1>

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -1048 +1048 @@
    ignored by some clients or cause others to cease parsing.
 </t>
+<t>
+   A recipient that receives whitespace between the start-line and
+   the first header field &MUST; either reject the message as invalid or
+   consume each whitespace-preceded line without further processing of it
+   (i.e., ignore the entire line, along with any subsequent lines preceded
+   by whitespace, until a properly formed header field is received or the
+   header block is terminated).
+</t>
 
 <section title="Request Line" anchor="request.line">
@@ -1085 +1093 @@
    No whitespace is allowed inside the method, request-target, and
    protocol version.  Hence, recipients typically parse the request-line
-   into its component parts by splitting on the SP characters.
+   into its component parts by splitting on whitespace
+   (see <xref target="message.robustness"/>).
 </t>
 <t>
    Unfortunately, some user agents fail to properly encode hypertext
-   references that have embedded whitespace, sending the characters
-   directly instead of properly percent-encoding the disallowed characters.
+   references that have embedded whitespace, sending the characters directly
+   instead of properly encoding or excluding the disallowed characters.
    Recipients of an invalid request-line &SHOULD; respond with either a
    <x:ref>400 (Bad Request)</x:ref> error or a <x:ref>301 (Moved Permanently)</x:ref>
@@ -1801 +1810 @@
    the server is reading the protocol stream at the beginning of a
    message and receives a CRLF first, it &SHOULD; ignore the CRLF.
-   Likewise, although the line terminator for the start-line and header
-   fields is the sequence CRLF, we recommend that recipients recognize a
-   single LF as a line terminator and ignore any CR.
+</t>
+<t>
+   Although the line terminator for the start-line and header
+   fields is the sequence CRLF, recipients &MAY; recognize a
+   single LF as a line terminator and ignore any preceding CR.
+</t>
+<t>
+   Although the request-line and status-line grammar rules require that each
+   of the component elements be separated by a single SP octet, recipients
+   &MAY; instead parse on whitespace-delimited word boundaries and, aside
+   from the CRLF terminator, treat any form of whitespace as the SP separator
+   while ignoring preceding or trailing whitespace;
+   such whitespace includes one or more of the following octets:
+   SP, HTAB, VT (%x0B), FF (%x0C), or bare CR. 
 </t>
 <t>
@@ -1810 +1830 @@
    receives a sequence of octets that does not match the HTTP-message
    grammar aside from the robustness exceptions listed above, the
-   server &MUST; respond with an HTTP/1.1 <x:ref>400 (Bad Request)</x:ref> response.  
+   server &SHOULD; respond with a <x:ref>400 (Bad Request)</x:ref> response.  
 </t>
 </section>