Based on the HTTP Request Method and Headers, an HTTP server has to determine whether or not to expect a Message Body after the closing CRLFCRLF of the HTTP Request Headers, and also, when it does expect one, how many bytes long it is.
How is this calculation made? By what function of the request method and headers can we calculate the length of the request message body?
Followup:
So the HTTP server after parsing the header can simply do the following:
    size_t RequestMessageBodyLength()
    {
        if (RequestHeaderExists("Content-Length"))
            return RequestHeaderValue("Content-Length");
        else
            return 0;
    }
Are there corner cases not covered by the above?
(I expect not, the case of the HEAD request is only for the response, not the request)
There is an entire header for this, called Content-Length, which is specified here and probably explained better here.
Answer to followup:
Yes, a server can use the pseudocode you posted above, as long as it isn't concerned about security. The general rule about security is: don't trust input that you didn't generate. In this case, an attacker could send thousands of requests with header Content-Length: 1000000, and the server would allocate thousands of million-byte buffers and wait around for the content to come in, denying service to legitimate users. A production HTTP server has to account for this possibility, and use timeouts and other means to make sure that this problem doesn't occur, or is difficult for an attacker to create.
The length of the message body is calculated by the sender of the message. The length value is placed in the HTTP header Content-Length when the message is assembled.
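The answer to the followup says a server must not trust the Content-Length it is given. The sketch below is an added example, not code from the question or the answers: it validates the header before any buffer is allocated. The 64 KiB cap, the enum and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed policy: largest request body this server will accept. */
#define MAX_BODY_BYTES ((uint64_t)64 * 1024)

enum body_status {
    BODY_OK,        /* *out_len is valid (0 when the header is absent) */
    BODY_BAD,       /* malformed or conflicting header: answer 400 */
    BODY_TOO_LARGE  /* declared size over the cap: answer 413, read nothing */
};

/* Parse one Content-Length value: ASCII digits only, optional surrounding
 * spaces or tabs, no sign, no hex, no overflow. Returns 1 on success. */
static int parse_length(const char *s, uint64_t *out)
{
    uint64_t n = 0;
    int digits = 0;
    while (*s == ' ' || *s == '\t') s++;
    for (; *s >= '0' && *s <= '9'; s++, digits++) {
        unsigned d = (unsigned)(*s - '0');
        if (n > (UINT64_MAX - d) / 10) return 0;  /* n*10+d would overflow */
        n = n * 10 + d;
    }
    while (*s == ' ' || *s == '\t') s++;
    if (digits == 0 || *s != '\0') return 0;      /* empty or trailing junk */
    *out = n;
    return 1;
}

/* values[] holds every Content-Length header value seen in the request
 * (count == 0 when the header is absent). */
enum body_status request_body_length(const char *const values[], size_t count,
                                     uint64_t *out_len)
{
    uint64_t len = 0, v;
    for (size_t i = 0; i < count; i++) {
        if (!parse_length(values[i], &v)) return BODY_BAD;
        if (i > 0 && v != len) return BODY_BAD;   /* copies disagree */
        len = v;
    }
    if (len > MAX_BODY_BYTES) return BODY_TOO_LARGE;
    *out_len = len;
    return BODY_OK;
}
```

The cap only bounds the declared size; the timeouts the answer mentions are still needed for a body that is announced but never sent.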