Backport the rejection of non-'chunked' values in the transfer
authorWilliam A. Rowe Jr <wrowe@apache.org>
Mon, 8 Aug 2005 01:31:02 +0000 (01:31 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Mon, 8 Aug 2005 01:31:02 +0000 (01:31 +0000)
  encoding; we simply don't know what, exactly, to do with them.

  Backport the reporting of 'both C-L and T-E' when we encounter
  this edge case, setting the connection up to close down once
  we finish (perhaps we were victims of a request splitting attack).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/proxy-reqbody-2.0.x@230727 13f79535-47bb-0310-9956-ffa450edef68

modules/proxy/proxy_http.c

index 5575e7e1ac8e1b3cb8c76bc413789a42fae4cd92..c015aba810f43c72a7c8f18a0e50ecb60dbd0d27 100644 (file)
@@ -1037,6 +1037,30 @@ apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r,
         goto skip_body;
     }
 
+    /* WE only understand chunked.  Other modules might inject
+     * (and therefore, decode) other flavors but we don't know
+     * that the can and have done so unless they they remove
+     * their decoding from the headers_in T-E list.
+     * XXX: Make this extensible, but in doing so, presume the
+     * encoding has been done by the extensions' handler, and 
+     * do not modify add_te_chunked's logic
+     */
+    if (old_te_val && strcmp(old_te_val, "chunked") != 0) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                     "proxy: %s Transfer-Encoding is not supported",
+                     old_te_val);
+        return APR_EINVAL;
+    }
+
+    if (old_cl_val && old_te_val) {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_ENOTIMPL, r->server,
+                     "proxy: client %s (%s) requested Transfer-Encoding body"
+                     " with Content-Length (C-L ignored)",
+                     c->remote_ip, c->remote_host ? c->remote_host: "");
+        origin->keepalive = AP_CONN_CLOSE;
+        p_conn->close++;
+    }
+
     /* Prefetch MAX_MEM_SPOOL bytes
      *
      * This helps us avoid any election of C-L v.s. T-E
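Review bot: The `old_cl_val && old_te_val` branch logs a request carrying both Content-Length and Transfer-Encoding only at `APLOG_DEBUG`, so at a typical production LogLevel the one trace of the request-splitting case named in the commit message is never written. I would raise it to a level operators actually collect and drop the misleading `APR_ENOTIMPL` status, e.g. `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,`. Separately, `strcmp(old_te_val, "chunked")` is case-sensitive while HTTP/1.1 transfer-coding names are case-insensitive, so a client sending `Chunked` gets `APR_EINVAL`; `if (old_te_val && strcasecmp(old_te_val, "chunked") != 0) {` fixes that and still rejects every other value. The unsupported-encoding error also omits the `c->remote_ip` that the second message includes, which makes the two log lines harder to correlate. The message says "C-L ignored", but ap_proxy_http_request starts and ends outside this hunk, so whether the Content-Length is really dropped before forwarding cannot be confirmed here.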