Actual behavior
use Transfer-Encoding[space] as Transfer-Encoding
Steps to reproduce
1、topology: client→elb→nettyServer
2、client send a request with both content-length and trunked-encoded[space]
3、elb ignored trunked-encoded[space], but use content-length
4、netty use trunked-encoded[space]
Minimal yet complete reproducer code (or URL to code)
when header field end with space but not colon, shoud the space be ignored?
can not found proof in https://greenbytes.de/tech/webdav/rfc7230.html#header.fields.
code in io.netty.handler.codec.http.HttpObjectDecoder#splitHeader
for (nameEnd = nameStart; nameEnd < length; nameEnd ++) {
char ch = sb.charAt(nameEnd);
if (ch == ‘:‘ || Character.isWhitespace(ch)) {
break;
}
}
Netty version
all
JVM version (e.g. java -version)
OS version (e.g. uname -a)`
Netty 漏洞,建议大家升级netty至 4.1.42.Final版本
原文:https://blog.51cto.com/8745668/2442210