From 588164dbd0685d3ce366d483b285f57e468b34cf Mon Sep 17 00:00:00 2001
From: Yann Ylavic
Date: Tue, 30 Jun 2020 14:18:22 +0000
Subject: [PATCH] Follow up to r1877955: always validate the Content-Length even if it is to be ignored because of RFC7230 section 3.3.3 requirements.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879369 13f79535-47bb-0310-9956-ffa450edef68
---
 server/protocol.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/server/protocol.c b/server/protocol.c
index 7b2449650f4..b1f1974cf88 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1519,6 +1519,19 @@ request_rec *ap_read_request(conn_rec *conn)
 goto die_unusable_input;
 }
 
+ clen = apr_table_get(r->headers_in, "Content-Length");
+ if (clen) {
+ apr_off_t cl;
+
+ if (!ap_parse_strict_length(&cl, clen)) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242)
+ "client sent invalid Content-Length "
+ "(%s): %s", clen, r->uri);
+ access_status = HTTP_BAD_REQUEST;
+ goto die_unusable_input;
+ }
+ }
+
 tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
 if (tenc) {
 /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23
@@ -1543,17 +1556,6 @@ request_rec *ap_read_request(conn_rec *conn)
 */
 apr_table_unset(r->headers_in, "Content-Length");
 }
- else if ((clen = apr_table_get(r->headers_in, "Content-Length"))) {
- apr_off_t cl;
-
- if (!ap_parse_strict_length(&cl, clen)) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242)
- "client sent invalid Content-Length "
- "(%s): %s", clen, r->uri);
- access_status = HTTP_BAD_REQUEST;
- goto die_unusable_input;
- }
- }
 }
 
 /*
-- 
2.47.3
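Review bot: The Content-Length check added in the first hunk has no comment explaining why it now runs ahead of the Transfer-Encoding branch, so a later cleanup could fold it back into the `else if` and again let a malformed Content-Length sent alongside Transfer-Encoding be unset without ever being validated. A comment above `clen = apr_table_get(...)` would pin the intent, for example `/* Validate Content-Length even when Transfer-Encoding overrides it (RFC 7230 3.3.3); a malformed value must fail the request, not be silently unset. */`. The rejection is logged at `APLOG_DEBUG`, so at a typical production LogLevel only the 400 in the access log records it; because a bad Content-Length combined with Transfer-Encoding is a common request-smuggling indicator, `APLOG_INFO` may be worth considering if it matches this file's convention for client errors. ap_read_request begins and ends outside the hunk.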