Opened 10 years ago

#3618 defect new

If the content-length header does not agree with the content written, HTTP connections can be corrupted

Reported by: Jean-Paul Calderone Owned by:
Priority: normal Milestone:
Component: web Keywords:
Cc: Branch:
Author:

Description

If an HTTP server application sets content-length and then writes a different number of bytes than that before finishing, the http connection becomes corrupt and unusable. If too many bytes are written, the excess will be interpreted as the response to the next request (if persistent connections are being used, which they probably are if you're setting content-lengths I suppose). If too few, the next response will be interpreted as bytes in the body of the previous response. Either of these is wrong and leads to pretty bad behavior. The server can catch this and help out a little by making the failure noisy (eg, close the connection so that the next response never has a chance to happen over the corrupted connection).

Change History (1)

comment:1 Changed 8 years ago by <automation>

Owner: jknight deleted
Note: See TracTickets for help on using tickets.