libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] HTTP range requests handling


From: Christian Grothoff
Subject: Re: [libmicrohttpd] HTTP range requests handling
Date: Sat, 21 Mar 2020 11:13:41 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0

Dear Emmanuel,

Not sure, for the main lib: due to the security considerations, an
implementation would be either inherently incomplete (suprise!), or
likely insecure (bad surprise). I don't like shipping either of these
surprises.

However, if you do have a reasonably robust implementation, we could
certainly at least add it to the MHD *examples* / documentation for
other people to more easily find and use it.

Happy hacking!

Christian

On 3/21/20 11:08 AM, Emmanuel Engelhart wrote:
> Hi Christian
> 
> Thank you for our quick response.
> 
> If we have one, would you be interested to integrate it to libmicrohttpd
> as a kind of helper solution?
> 
> Kind regards
> Emmanuel
> 
> On 21.03.20 10:56, Christian Grothoff wrote:
>> Hi!
>>
>> No, we don't. Note that you might not even want to support the full
>> range spec:
>>
>> https://tools.ietf.org/html/rfc7233#page-19
>>
>> https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-mitigation-of-apache-range-header-dos-attack/
>>
>> Happy hacking!
>>
>> Christian
>>
>> On 3/21/20 10:45 AM, Emmanuel Engelhart wrote:
>>> Hi
>>>
>>> Does libmicrohttpd provides facilities to handle HTTP range requests
>>> parsing. The spec is quite complicated and it is pretty cumbersome to
>>> handle all cases within a custom parser.
>>>
>>> Regards
>>> Emmanuel
>>>
>>
> 
> 

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]