Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate Content-Length headers for incoming requests #3231

Merged
merged 1 commit into from
Mar 6, 2018
Merged

Validate Content-Length headers for incoming requests #3231

merged 1 commit into from
Mar 6, 2018

Conversation

bryancall
Copy link
Contributor

Respond with 400 code when Content-Length headers mismatch, remove
duplicate copies of the Content-Length header with exactly same values,
and remove Content-Length headers if Transfer-Encoding header exists.

@bryancall bryancall added the HTTP label Mar 5, 2018
@bryancall bryancall added this to the 8.0.0 milestone Mar 5, 2018
@bryancall bryancall self-assigned this Mar 5, 2018
@bryancall bryancall requested a review from zwoop March 5, 2018 19:13
@zwoop
Copy link
Contributor

zwoop commented Mar 5, 2018

[approve ci debian]

zwoop
zwoop requested changes Mar 5, 2018
View reviewed changes
proxy/hdrs/HTTP.cc Outdated

if ((content_length_len != content_length_len_2) ||
(memcmp(content_length_val, content_length_val_2, content_length_len) != 0)) {
// Delete the duplicate since it has the same value
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment looks wrong? In this case, you are returning a parse error, not removing the dupe, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, the comment is wrong

@bryancall
Respond with 400 code when Content-Length headers mismatch, remove
c54b47b 
duplicate copies of the Content-Length header with exactly same values,
and remove Content-Length headers if Transfer-Encoding header exists.
@bryancall bryancall merged commit 44af6e5 into master Mar 6, 2018
@zwoop
Copy link
Contributor

zwoop commented Mar 6, 2018

Cherry-picked to 7.1.x

@zwoop zwoop modified the milestones: 8.0.0, 7.1.3 Mar 6, 2018
@bryancall bryancall deleted the content_length branch March 14, 2018 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zwoop zwoop zwoop approved these changes

Assignees

@bryancall bryancall

Labels
HTTP
Projects
None yet
Milestone
7.1.3
Development

Successfully merging this pull request may close these issues.
2 participants
@bryancall @zwoop