[squid-dev] [PATCH] Reject responses with conflicting Content-Length

Sat Aug 15 01:22:40 UTC 2015

On 13/08/2015 3:03 a.m., Alex Rousskov wrote:
> On 08/11/2015 11:49 PM, Amos Jeffries wrote:
> 
>> Which one of these malformations is not malign ?
>>
>>  * non-numeric Content-Length
>>  * negative value Content-Length
>>  * Content-Length with also Transfer-Encoding header
>>  * multiple different-value Content-Length
>>  * Content-Length on 204 response
> 
> All of them may be benign in _some_ cases.

No. All of them corrupt the possible interpretations of what object the
message is conveying. There is no way to reliably and safely handle the
payload of the message theu describe, and certainly not for any
following messages.

The only reasonable course of action to all of them is to reject with
4xx/5xx and terminate the entire connection. I dont see that outcome as
even possibly being non-harmful for the client operations.

The T-E and 204 cases are the most subtle. One could assume that C-L
might be ignored or dropped in some cases. But that actually is an
assumption that closer inspection does not bear out - all it does is
pass incorrect data on to the recipient. Either an endpoint recipient
after Squid, or Squids own internal logic gets told some wrong thing.
The result in all permutations of assumption is harm (smuggling,
truncation or corruption) at some point in the processing that follows.

> Again, just because something
> is malformed, does not mean it was created with an evil purpose and
> cannot be proxied as intended, without harm, in some specific environments.
> 
> It is pointless to argue about this. You are simply using a different
> definition of "benign". My definition, in this context, is "broken but
> not intended to maim".

I suspect you are thinking of benevolent/malicious.

Oxford/Cambridge dictionaries I use list "benign - not causing serious
harm", and/or not *capable* of causing serious harm. Intent does not
enter into it.

benign/malign are used for innanimate things, or animate mindless
things. Cancer often the example, does not have a mind and therefore no
intent. Yet is benign or malign.

American English / Websters adds "pleasant and kind; not harmful or
severe". But in terms of basic mood/emotional outlook underlying a
persons character.

benevolent/malicious are defined directly in terms of intention to cause
some benign/malign outcome respectively.

> 
> Please note that I am _not_ arguing that all benign traffic has to be
> proxied and cannot be blocked.
> 

I do. If it is benign it certainly should be tolerated. But benign !=
benevolent.

Some things are malign benevolent. Thats what we need to step up and
stop allowing as much as malicious inputs. Unintentional harm does more
damage, more often than active malevolence. Usually by allowing the
malicious actors the cracks to work with in the first place.

Amos