Closed kenballus closed 10 months ago
RFC 9112 defines a chunked message body with the following ABNF rules:
chunked-body = *chunk last-chunk trailer-section CRLF chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF chunk-size = 1*HEXDIG last-chunk = 1*("0") [ chunk-ext ] CRLF chunk-data = 1*OCTET ; a sequence of chunk-size octets
Note that no whitespace is permitted preceding a chunk-size. Pound accepts and forwards whitespace before chunk-sizes.
For example, when I send the following invalid request to my Pound reverse proxy:
POST / HTTP/1.1\r\n Host: whatever\r\n Transfer-Encoding: chunked\r\n \r\n \t0\r\n \r\n'
here's what it forwards to its backend:
POST / HTTP/1.1\r\n Host: whatever\r\n Transfer-Encoding: chunked\r\n X-Forwarded-For: 172.18.0.1\r\n X-Forwarded-Proto: http\r\n X-Forwarded-Port: 80\r\n \r\n \t0\r\n \r\n
Note that the \t before the 0 chunk size is preserved through the proxy.
\t
0
Fixed in commit 3870135280
RFC 9112 defines a chunked message body with the following ABNF rules:
Note that no whitespace is permitted preceding a chunk-size. Pound accepts and forwards whitespace before chunk-sizes.
For example, when I send the following invalid request to my Pound reverse proxy:
here's what it forwards to its backend:
Note that the
\t
before the0
chunk size is preserved through the proxy.