From d0f3dde0ba3de5dd82430555f71778af07f3a5da Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Tue, 20 Mar 2018 18:14:39 +0100
Subject: [PATCH] lib-http: server: Properly handle corrupt payload while
 finishing a request.

The HTTP_REQUEST_PARSE_ERROR_BROKEN_REQUEST was not handled, causing an
assertion panic. This situation occurred when the chunked transfer encoding was
invalid.
---
 src/lib-http/http-server-connection.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib-http/http-server-connection.c b/src/lib-http/http-server-connection.c
index 989114152c..4cbffc9dfe 100644
--- a/src/lib-http/http-server-connection.c
+++ b/src/lib-http/http-server-connection.c
@@ -521,6 +521,11 @@ http_server_connection_finish_request(struct http_server_connection *conn)
 				http_server_request_fail_close(req,
 					413, "Payload Too Large");
 				break;
+			case HTTP_REQUEST_PARSE_ERROR_BROKEN_REQUEST:
+				conn->input_broken = TRUE;
+				http_server_request_fail_close(req,
+					400, "Bad request");
+				break;
 			default:
 				i_unreached();
 			}
-- 
2.47.3