Commit e082b7be authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1

We now treat Content-Length or Transfer-Encoding as error if they come
with 204 or 1xx status code, or 200 to a CONNECT request in HTTP/1
response.
parent da01d8de
...@@ -701,6 +701,18 @@ int htp_hdrs_completecb(http_parser *htp) { ...@@ -701,6 +701,18 @@ int htp_hdrs_completecb(http_parser *htp) {
downstream->set_downstream_addr_group(dconn->get_downstream_addr_group()); downstream->set_downstream_addr_group(dconn->get_downstream_addr_group());
downstream->set_addr(dconn->get_addr()); downstream->set_addr(dconn->get_addr());
// Server MUST NOT send Transfer-Encoding with a status code 1xx or
// 204. Also server MUST NOT send Transfer-Encoding with a status
// code 200 to a CONNECT request. Same holds true with
// Content-Length.
if (resp.http_status == 204 || resp.http_status / 100 == 1 ||
(resp.http_status == 200 && req.method == HTTP_CONNECT)) {
if (resp.fs.header(http2::HD_CONTENT_LENGTH) ||
resp.fs.header(http2::HD_TRANSFER_ENCODING)) {
return -1;
}
}
if (resp.fs.parse_content_length() != 0) { if (resp.fs.parse_content_length() != 0) {
downstream->set_response_state(Downstream::MSG_BAD_HEADER); downstream->set_response_state(Downstream::MSG_BAD_HEADER);
return -1; return -1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment