On Mar 30, 2009 at 18:12, Juha Heinanen <jh(a)tutpro.com> wrote:
> Andrei Pelinescu-Onciul writes:
>
> > It's an abort() to quickly catch bugs (the content length value should
> > always be checked and _never_ trusted) and to force people to fix
> > them.
> > We could eliminate the abort() but then the incentive for fixing the
> > real bug will be reduced :-)
>
> it is very bad idea to make proxy owner to pay for bugs in UAs. if
> proxy returns an error to UA, it is the best incentive for the UA owner
> to fix the bug.

It's not a bug in the UA, it's a bug in the proxy code that uses a
Content-Length received from the network without checking if it's valid.
All such code instances must be changed and Content-Length must always
be checked and never trusted, before using it for anything.
That's what the abort() is for.
So removing the abort() would fix the symptom, but not the real bug.

Andrei
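
The kind of check discussed in this thread, sketched as an added example; it is not code from the thread or from the project. The function names are hypothetical, and it assumes the Content-Length value has already been extracted as a NUL-terminated string and that the whole received message is in one buffer.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample message, not taken from the thread. */
static const char SAMPLE[] =
    "INVITE sip:b@example.com SIP/2.0\r\nContent-Length: 5\r\n\r\nhello";

/* Accept a Content-Length value only if it is a plain decimal number that
 * fits in the bytes actually received. Returns 0 and sets *out, else -1. */
static int parse_clen(const char *v, size_t avail, size_t *out)
{
    char *end;
    unsigned long n;

    while (*v == ' ' || *v == '\t') v++;
    if (*v < '0' || *v > '9') return -1;    /* "", "-1", "+5", "abc" */
    errno = 0;
    n = strtoul(v, &end, 10);
    if (errno == ERANGE) return -1;         /* overflows the integer type */
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return -1;            /* trailing junk such as "5x" */
    if (n > avail) return -1;               /* claims more than was received */
    *out = (size_t)n;
    return 0;
}

/* Find the body of one received message and bound it by the declared
 * length. Returns 0 on success, -1 when the message must be rejected. */
int checked_body(const char *msg, size_t msg_len, const char *cl_value,
                 const char **body, size_t *body_len)
{
    size_t i;

    for (i = 0; i + 4 <= msg_len; i++) {
        if (memcmp(msg + i, "\r\n\r\n", 4) != 0) continue;
        if (parse_clen(cl_value, msg_len - (i + 4), body_len) != 0) return -1;
        *body = msg + i + 4;
        return 0;
    }
    return -1;                              /* no end of headers in buffer */
}

int main(void)
{
    const char *b;
    size_t n;
    return checked_body(SAMPLE, sizeof SAMPLE - 1, "5", &b, &n);
}
```

Code that later copies or forwards the body uses only `*body_len` bytes starting at `*body`, never the raw header value.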