[tor-onions] HTTP GZIP Compression remote date and time leak
teor
teor2345 at gmail.com
Mon Feb 22 20:42:17 UTC 2016
> On 23 Feb 2016, at 02:27, Jose Carlos Norte <jcarlos.norte at gmail.com> wrote:
>
> To provide additional information, I have found that only Microsoft Windows Operating Systems are providing local times instead of universal times in the MTIME field of the gzip header. The gzip specification states that only universal times should be used, as you can see here:
>
> http://www.zlib.org/rfc-gzip.html#header-trailer
>
> However, for some reason, microsoft windows or some gzip implementation in some popular web server for Microsoft Windows is not respecting the specification and is using local times instead of universal times.
Windows stores the time in local time internally. If the time one isn't set correctly on the server, or non-timezone-aware APIs are used, applications will report local time.
Compounding this, if applications don't use deflateInit2 correctly, the header contains a time value.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20160223/3cc1a714/attachment.html>
More information about the tor-onions
mailing list