CHUNK-SIZE-PLUS
| Test ID | SMUG-CHUNK-SIZE-PLUS |
| Category | Smuggling |
| RFC | RFC 9112 §7.1 |
| Requirement | Implicit MUST (grammar violation) |
| Expected | 400 or close |
What it sends
A chunked request where chunk-size is prefixed by +.
POST / HTTP/1.1\r\n
Host: localhost:8080\r\n
Transfer-Encoding: chunked\r\n
\r\n
+5\r\n
hello\r\n
0\r\n
\r\nWhat the RFC says
“chunk-size = 1*HEXDIG” – RFC 9112 Section 7.1
The plus sign is not a hexadecimal digit. The chunk-size token is invalid.
Why it matters
Lenient numeric parsing (+5) in one component and strict parsing in another creates parser disagreement and desync opportunities.