On Mar 30, 2009 at 18:12, Juha Heinanen jh@tutpro.com wrote:
Andrei Pelinescu-Onciul writes:
It's an abort() to quickly catch bugs (the content length value should always be checked and _never_ trusted) and to force people to fix them.
We could eliminate the abort() but then the incentive for fixing the real bug will be reduced :-)
it is very bad idea to make proxy owner to pay for bugs in UAs. if proxy returns an error to UA, it is the best incentive for the UA owner to fix the bug.
It's not a bug in the UA, it's a bug in the proxy code that uses a Content-Length received from the network without checking if it's valid. All such code instances must be changed and Content-Length must always be checked and never trusted, before using it for anything. That's what the abort() is for.
So removing the abort() it would fix the symptom, but not the real bug.
Andrei