do {
const char *name;
size_t namelen;
+ bool is_chunked = FALSE;
/* Parse a single encoding name. */
while(ISBLANK(*enclist) || *enclist == ',')
const struct Curl_cwtype *cwt;
struct Curl_cwriter *writer;
+ is_chunked = (is_transfer && (namelen == 7) &&
+ strncasecompare(name, "chunked", 7));
/* if we skip the decoding in this phase, do not look further.
* Exception is "chunked" transfer-encoding which always must happen */
- if((is_transfer && !data->set.http_transfer_encoding &&
- (namelen != 7 || !strncasecompare(name, "chunked", 7))) ||
+ if((is_transfer && !data->set.http_transfer_encoding && !is_chunked) ||
(!is_transfer && data->set.http_ce_skip)) {
/* not requested, ignore */
return CURLE_OK;
}
cwt = find_unencode_writer(name, namelen, phase);
- if(is_transfer && cwt && strncasecompare(name, "chunked", 7) &&
- Curl_cwriter_get_by_type(data, cwt)) {
+ if(cwt && is_chunked && Curl_cwriter_get_by_type(data, cwt)) {
/* A 'chunked' transfer encoding has already been added.
- * Ignore duplicates. See #13451. */
+ * Ignore duplicates. See #13451.
+ * Also RFC 9112, ch. 6.1:
+ * "A sender MUST NOT apply the chunked transfer coding more than
+ * once to a message body."
+ */
return CURLE_OK;
}
+ if(is_transfer && !is_chunked &&
+ Curl_cwriter_get_by_name(data, "chunked")) {
+ /* RFC 9112, ch. 6.1:
+ * "If any transfer coding other than chunked is applied to a
+ * response's content, the sender MUST either apply chunked as the
+ * final transfer coding or terminate the message by closing the
+ * connection."
+ * "chunked" must be the last added to be the first in its phase,
+ * reject this.
+ */
+ failf(data, "Reject response due to 'chunked' not being the last "
+ "Transfer-Encoding");
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
if(!cwt)
cwt = &error_writer; /* Defer error at use. */
projects / thirdparty / curl.git / commitdiff
