Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@kiwi.ics.uci.edu> on 1998/02/05 20:07:11 UTC

Re: case insensitive, multi-line headers

>> Look at getline() we handle multiline headers.
>
>Although there's an obvious bug.  If there's a line that exceeds the
>buffer size then we bail without reading the rest of the line and any
>possible continuation lines.  So we'll treat the rest of the line as if
>it's a new line.  Bad. 

Actually, that was on purpose.  If we just read a line that is over 8KB,
the chances that we'd give a damn about the next line being a continuation
are very small.  Since we lack a 4xx headers too long response, it was
left as-is until post-1.2.  *shrug*  Marc, where'd the patch go?

....Roy

Re: case insensitive, multi-line headers

Posted by Marc Slemko <ma...@worldgate.com>.
On Thu, 5 Feb 1998, Roy T. Fielding wrote:

> >> Look at getline() we handle multiline headers.
> >
> >Although there's an obvious bug.  If there's a line that exceeds the
> >buffer size then we bail without reading the rest of the line and any
> >possible continuation lines.  So we'll treat the rest of the line as if
> >it's a new line.  Bad. 
> 
> Actually, that was on purpose.  If we just read a line that is over 8KB,
> the chances that we'd give a damn about the next line being a continuation
> are very small.  Since we lack a 4xx headers too long response, it was
> left as-is until post-1.2.  *shrug*  Marc, where'd the patch go?

What we really should do is puke on the whole request if this happens.  We
should also puke on the whole request if we get too many headers, which
was where I started on all this.  I ran into so many inter-related things
that I haven't had a chance to work it out yet because I'm too busy.

I'll look at what Ed's patch does and what I have when I get time.
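
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Apache's getline() code: with strict off, the tail of an over-long header line is counted as a new line; with strict on, the whole request is rejected, as it is for too many headers. The function names, the 32-byte buffer standing in for the 8KB one, and the status codes are assumptions.

```c
#include <stddef.h>

#define LINE_BUF 32   /* assumed small stand-in for the 8KB line buffer */
enum { HDR_LINE_TOO_LONG = -1, HDR_TOO_MANY = -2, HDR_MALFORMED = -3 };

/* Constructed sample: one field longer than LINE_BUF, then a normal field. */
static const char OVERLONG[] =
    "X-Pad: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\r\nHost: h\r\n\r\n";

/* fgets-style bounded read from an in-memory header block: copies at most
 * cap-1 bytes, stopping after '\n'. Returns bytes copied, advances *src. */
static size_t read_chunk(const char **src, char *buf, size_t cap)
{
    size_t n = 0;
    while (n + 1 < cap && (*src)[n] != '\0') {
        buf[n] = (*src)[n];
        if (buf[n++] == '\n')
            break;
    }
    buf[n] = '\0';
    *src += n;
    return n;
}

/* Counts header fields up to the empty line that ends the block.
 * strict == 0: a chunk that fills the buffer without a newline is accepted,
 *              so the rest of that line is parsed as if it were a new line.
 * strict != 0: the same condition rejects the whole request. */
int count_headers(const char *block, int max_fields, int strict)
{
    char buf[LINE_BUF];
    int fields = 0;
    size_t n;

    while ((n = read_chunk(&block, buf, sizeof buf)) > 0) {
        if (strict && buf[n - 1] != '\n' && n == sizeof buf - 1)
            return HDR_LINE_TOO_LONG;
        if (buf[0] == '\n' || (buf[0] == '\r' && buf[1] == '\n'))
            return fields;                      /* end of headers */
        if (buf[0] != ' ' && buf[0] != '\t'     /* not a continuation line */
            && ++fields > max_fields)
            return HDR_TOO_MANY;
    }
    return HDR_MALFORMED;   /* input ended before the empty line */
}
```

On the constructed OVERLONG sample, which carries two header fields, the non-strict mode reports three.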