BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value

The following Transfer-Encoding header is now rejected with a
400-bad-request:

  Transfer-Encoding: chunked,\r\n

This case was not properly handled and the last empty value was just
ignored.

This patch must be backported as far as 2.6.

diff --git a/src/h1.c b/src/h1.c
index ff3f5ae9aa4f498f54596f3761afa2e7acc4c255..c373676453902a62174022efb403513468a36aae 100644 (file)
--- a/src/h1.c
+++ b/src/h1.c
@@ -140,6 +140,10 @@ int h1_parse_xfer_enc_header(struct h1m *h1m, struct ist value)
                        continue;
 
                n = http_find_hdr_value_end(word.ptr, e); // next comma or end of line
+
+               /* a comma at the end means the last value is empty */
+               if (n+1 == e)
+                       goto fail;
                word.len = n - word.ptr;
 
                /* trim trailing blanks */