You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/11/02 16:56:25 UTC

[Bug 64866] Too small Content-Length validation breaks SSTP

https://bz.apache.org/bugzilla/show_bug.cgi?id=64866

--- Comment #1 from Joe Orton <jo...@redhat.com> ---
"specifies that a Content-Length of 18446744073709551615 (ULONGLONG_MAX)"

What could possibly go wrong?

IMO, this is obviously deliberately invalid (and unsafe) use of HTTP, and httpd
is correct to reject it.  The protocol should chunked bodies if you need to
avoid specifying a C-L.  I'd suggest writing a lower level filter to handle
this not-really-HTTP protocol.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org