Welcome! Log In Create A New Profile

Re: [PATCH] Enforce that CR precede LF in chunk lines

Forum List Message List New Topic Print View

Ben Kallus

February 14, 2024 07:46PM

> Overall, I don't think there is a big difference here.

All I can say is that the hardest part of pulling off that type of
attack is guessing the length correctly. If you want to make that job
marginally easier, that's fine by me :)

> It won't, because "-C" is a non-portable flag provided by a
Debian-specific patch.

There is a CRLF option for nmap-ncat, openbsd netcat, and
netcat-traditional, as well as whatever nc ships with macOS. GNU
netcat doesn't support it, but it's unmaintained anyway.

> And even if it will work for some, this
will still complicate testing.

Most of the tests already use CRLF appropriately. Test cases that use
bare LF in chunks are inadvertently also testing an Nginx quirk in
addition to what they are intending to test, which is probably
undesirable.

-Ben
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] Enforce that CR precede LF in chunk lines	Ben Kallus	233	January 24, 2024 10:22PM
Re: [PATCH] Enforce that CR precede LF in chunk lines	Maxim Dounin	38	January 25, 2024 05:16AM
Re: [PATCH] Enforce that CR precede LF in chunk lines	Ben Kallus	30	January 25, 2024 03:34PM
Re: [PATCH] Enforce that CR precede LF in chunk lines	Maxim Dounin	41	January 25, 2024 06:34PM
Re: [PATCH] Enforce that CR precede LF in chunk lines	Ben Kallus	79	February 14, 2024 07:46PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 197

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018