From 914eef0353c17501a4535c76e8aa8fe489359bce Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Fri, 11 Oct 2024 07:32:05 +0000
Subject: [PATCH] * modules/http/http_filters.c (parse_chunk_size):   Update
 comment after some investigation of a Squid interoperability   issue handling
 BWS after chunk-size, which httpd allows although   it is not permitted by
 RFC 7230 or RFC 9112. [skip ci]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921254 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/http/http_filters.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 426fe2fcb97..004c3c2a6bf 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -189,9 +189,15 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
             }
         }
         else if (c == ' ' || c == '\t') {
-            /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616,
-             * and noted as errata to RFC7230;
+            /* This allows limited BWS (or 'implied *LWS' in RFC2616
+             * terms) between chunk-size and '[chunk-ext] CRLF'. This
+             * is not allowed by RFC7230/9112 though servers have been
+             * seen which emit spaces here. The code previously (and
+             * mistakenly?) referenced the 7230 errata concerning BWS
+             * *within* chunk-ext, but the conditional above is
+             * followed during chunk-ext (state BODY_CHUNK_EXT):
              * https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4667
+             * See also: https://github.com/squid-cache/squid/pull/1914
              */
             ctx->state = BODY_CHUNK_CR;
             if (++ctx->chunk_bws > 10) {