> From: Bhavesh Mistry [mailto:mistry.p.bhav...@gmail.com] > Subject: Re: Fwd: Tomcat-embed-core-9.0.12.jar bug about Content-Length Corrupting > Parsing logic for Subsequent Request
> I am stating following when you have request/response on the same TCP > connection. for example, > My understanding (please correct me if my wrong): It's wrong. All TCP traffic, including HTTP requests, is a stream of bytes. There are no indications where one request ends and another starts other than the content length in each request. If the malformed request specifies a length smaller than the actual content size, the next request will appear to start somewhere in the content stream. Similarly, if the request-specified content length is larger than the sent size, the connector consumes part of the next request as the content of the prior. There is no way for a server to correct this client misbehavior, other than by the server administrator disabling keep-alive - with serious performance impacts for well-mannered clients. Fix your broken client. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
smime.p7s
Description: S/MIME cryptographic signature
