]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
projects / thirdparty / apache / httpd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6bd78e3)
Follow up to r1877955: don't reuse the connection for mixed C-L / T-E requests
authorYann Ylavic <ylavic@apache.org>
Tue, 30 Jun 2020 16:05:56 +0000 (16:05 +0000)
committerYann Ylavic <ylavic@apache.org>
Tue, 30 Jun 2020 16:05:56 +0000 (16:05 +0000)
Disable keepalive on the connection if we received both Content-Length and
chunked Transfer-Encoding in the request, to avoid confusion with front
intermediaries and potential further request/response splitting.

This is what we do already for mod_proxy backend connections in the same case.

While at it, replace draft httpbis links with final RFC7230's.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879373 13f79535-47bb-0310-9956-ffa450edef68

server/protocol.c patch | blob | blame | history

diff --git a/server/protocol.c b/server/protocol.c
index b1f1974cf889b8b352ca63c581d068291ada9fd1..626560a64f6401c45ed1ce2e9bd3719d457e23f4 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1534,7 +1534,7 @@ request_rec *ap_read_request(conn_rec *conn)
 
         tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
         if (tenc) {
-            /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23
+            /* https://tools.ietf.org/html/rfc7230
              * Section 3.3.3.3: "If a Transfer-Encoding header field is
              * present in a request and the chunked transfer coding is not
              * the final encoding ...; the server MUST respond with the 400
@@ -1548,13 +1548,20 @@ request_rec *ap_read_request(conn_rec *conn)
                 goto die_unusable_input;
             }
 
-            /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23
+            /* https://tools.ietf.org/html/rfc7230
              * Section 3.3.3.3: "If a message is received with both a
              * Transfer-Encoding and a Content-Length header field, the
              * Transfer-Encoding overrides the Content-Length. ... A sender
              * MUST remove the received Content-Length field".
              */
-            apr_table_unset(r->headers_in, "Content-Length");
+            if (clen) {
+                apr_table_unset(r->headers_in, "Content-Length");
+
+                /* Don't reuse this connection anyway to avoid confusion with
+                 * intermediaries and request/reponse spltting.
+                 */
+                conn->keepalive = AP_CONN_CLOSE;
+            }
         }
     }
 
Mirror of https://github.com/apache/httpd.git