* modules/http/http_filters.c (parse_chunk_size):

  Update comment after some investigation of a Squid interoperability
  issue handling BWS after chunk-size, which httpd allows although
  it is not permitted by RFC 7230 or RFC 9112. [skip ci]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921254 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 426fe2fcb979e210128cc6c54b652cde95d90c55..004c3c2a6bf5c48edd9a285ee542f4e38cef0620 100644 (file)
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -189,9 +189,15 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
             }
         }
         else if (c == ' ' || c == '\t') {
-            /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616,
-             * and noted as errata to RFC7230;
+            /* This allows limited BWS (or 'implied *LWS' in RFC2616
+             * terms) between chunk-size and '[chunk-ext] CRLF'. This
+             * is not allowed by RFC7230/9112 though servers have been
+             * seen which emit spaces here. The code previously (and
+             * mistakenly?) referenced the 7230 errata concerning BWS
+             * *within* chunk-ext, but the conditional above is
+             * followed during chunk-ext (state BODY_CHUNK_EXT):
              * https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4667
+             * See also: https://github.com/squid-cache/squid/pull/1914
              */
             ctx->state = BODY_CHUNK_CR;
             if (++ctx->chunk_bws > 10) {