From 8dc6b9fc4f6302364ab826c9f6ccae84de33b6ca Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Thu, 1 Dec 2016 16:29:27 +0000 Subject: [PATCH] Appears we cannot disallow this whitespace, since the chunk BNF coexisted with the implied *LWS rule, before RFC7230 eliminated the later. Whether this is actually OWS or BWS is an editorial decision beyond our pay grade. Backports: r1765475 Submitted by: wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict@1772236 13f79535-47bb-0310-9956-ffa450edef68 --- modules/http/http_filters.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index 8503067682c..63788d7d09b 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -221,8 +221,10 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer, return APR_EINVAL; } } - else if (!strict && (c == ' ' || c == '\t')) { - /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). + else if (c == ' ' || c == '\t') { + /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616, + * and noted as errata to RFC7230; + * https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4667 */ ctx->state = BODY_CHUNK_CR; if (++ctx->chunk_bws > 10) { -- 2.47.2