Because Pound parses chunk sizes using `strtoll(, , 16)`, chunk sizes that begin with `0x` are erroneously accepted and forwarded. `-` and `+` prefixes are also accepted for the same reason, though `-` is only accepted when the chunk size is 0. This is not permitted in the HTTP RFCs, and can lead to problems for downstream servers because some servers interpret chunk sizes that begin with `0x` as equivalent to `0`. This can be used for request smuggling against such servers.
kenballus changed the title from "Pound accepts and forwards chunk-sizes prefixed with 0x." to "Pound forwards chunk sizes prefixed with 0x" on Oct 10, 2023

kenballus changed the title from "Pound forwards chunk sizes prefixed with 0x" to "Pound forwards chunk sizes prefixed with 0x, -, and +" on Oct 10, 2023
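The parsing difference described in the issue, as an added example that is not part of the issue and is not Pound's source: `lenient_chunk_size` is a constructed stand-in for the `strtoll(..., 16)` pattern, and `strict_chunk_size` is one way to accept only the `1*HEXDIG` grammar from RFC 9112 section 7.1. Both function names and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Lenient (constructed stand-in, not Pound's code): strtoll with base 16
 * also consumes an optional sign and an optional "0x". Returns -1 on reject. */
long long lenient_chunk_size(const char *s)
{
    char *end;
    errno = 0;
    long long n = strtoll(s, &end, 16);
    if (end == s || *end != '\0' || errno == ERANGE || n < 0)
        return -1;
    return n;
}

/* Strict: chunk-size = 1*HEXDIG. No sign, no "0x", no whitespace, and
 * values that would overflow are rejected. Returns -1 on reject. */
long long strict_chunk_size(const char *s)
{
    long long n = 0;
    if (*s == '\0')
        return -1;
    for (; *s; s++) {
        int d;
        if (*s >= '0' && *s <= '9')      d = *s - '0';
        else if (*s >= 'a' && *s <= 'f') d = *s - 'a' + 10;
        else if (*s >= 'A' && *s <= 'F') d = *s - 'A' + 10;
        else return -1;                  /* 'x', '+', '-', space, ... */
        if (n > (LLONG_MAX - d) / 16)
            return -1;                   /* would overflow long long */
        n = n * 16 + d;
    }
    return n;
}

int main(void)
{
    /* Constructed sample chunk-size fields. */
    const char *samples[] = { "1f", "0x10", "+10", "-0", "-10" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s lenient=%lld strict=%lld\n", samples[i],
               lenient_chunk_size(samples[i]), strict_chunk_size(samples[i]));
    return 0;
}
```

Any input where the two functions disagree is a chunk size that a proxy should reject rather than forward.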