Skip to content

Enhances line terminator for chunk-size in Chunked Transfer Coding #2217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
carryel opened this issue Dec 15, 2024 · 1 comment
Open

Enhances line terminator for chunk-size in Chunked Transfer Coding #2217

carryel opened this issue Dec 15, 2024 · 1 comment

Comments

@carryel
Copy link
Contributor

carryel commented Dec 15, 2024

The chunk size and chunk extension are terminated by a CRLF sequence.

RFC 9112 Chunked Transfer Coding

  chunk          = chunk-size [ chunk-ext ] CRLF

However, Grizzly allows even if the line terminator is only a single LF.

This can lead to unintended behavior with incorrect chunk-ext in reverse proxy solution environments.

Therefore, we should safely provide the ability to only allow CRLF.
carryel added a commit to carryel/grizzly that referenced this issue Dec 16, 2024
@carryel
Issue eclipse-ee4j#2217 "Enhances line terminator for chunk-size in C…
582420d 
…hunked Transfer Coding" (eclipse-ee4j#2217)

+ When the org.glassfish.grizzly.http.STRICT_CHUNKED_TRANSFER_CODING_LINE_TERMINATOR_RFC_9112 option is enabled, only CRLF is allowed as the chunk-size line terminator in Chunked Transfer Coding.
+ Added testcase depending on whether option is present or not
@carryel carryel mentioned this issue Dec 24, 2024
Open
@carryel
Copy link
Contributor Author

carryel commented Mar 7, 2025

For convenience, I will leave some of the contents of the commit log.

+ When the org.glassfish.grizzly.http.STRICT_CHUNKED_TRANSFER_CODING_LINE_TERMINATOR_RFC_9112 option is enabled, only CRLF is allowed as the chunk-size line terminator in Chunked Transfer Coding.

Note) The features related to this issue #2217 only work when the STRICT_CHUNKED_TRANSFER_CODING_LINE_TERMINATOR_RFC_9112 option is enabled, and the existing code base behavior is maintained when options are not enabled.

ex) -Dorg.glassfish.grizzly.http.STRICT_CHUNKED_TRANSFER_CODING_LINE_TERMINATOR_RFC_9112=true

carryel added a commit to carryel/grizzly that referenced this issue May 9, 2025
@carryel
Issue eclipse-ee4j#2217 "Enhances line terminator for chunk-size in C…
22ee8de 
…hunked Transfer Coding" (eclipse-ee4j#2217)

+ Constructors with a Properties argument are supported.

Therefore, the functionality is available in each listener using separate Properties.
The relationship between Properties and a global system property is mutually exclusive, and Properties has priority.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@carryel