Reject requests with multiple content-length headers
trowski committed Aug 9, 2019
1 parent 7229c13 commit b4e0cd0
Showing 2 changed files with 12 additions and 3 deletions.
4 changes: 4 additions & 0 deletions src/Driver/Http1Driver.php
@@ -334,6 +334,10 @@ private function parser(): \Generator
);
}

if (isset($contentLength["content-length"][1])) {
throw new ClientException("Bad Request: multiple content-length headers", Status::BAD_REQUEST);
}

$contentLength = $headers["content-length"][0] ?? null;
if ($contentLength !== null) {
if (!\preg_match("/^(?:0|[1-9][0-9]*)$/", $contentLength)) {
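Review bot: The added guard tests `$contentLength["content-length"][1]`, but the header map used on the following line is `$headers`, and `$contentLength` is only assigned after the guard, so as far as this hunk shows the `isset()` can never be true and a request with duplicate content-length headers is not rejected. It should read `if (isset($headers["content-length"][1])) {`. As written the parser appears to fall through and frame the body by `$headers["content-length"][0]` alone, which is the message-boundary ambiguity this commit is meant to close. A regression test that sends two content-length headers over HTTP/1.1 and expects a 400 response would catch this. parser() starts and ends outside the hunk, so an earlier assignment to `$contentLength` cannot be ruled out from here.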
11 changes: 8 additions & 3 deletions src/Driver/Http2Driver.php
@@ -1336,13 +1336,18 @@ function (int $bodySize) use ($id) {
);

if (isset($headers["content-length"])) {
$length = \implode($headers["content-length"]);
if (!\preg_match('/^0|[1-9][0-9]*$/', $length)) {
if (isset($headers["content-length"][1])) {
$error = self::PROTOCOL_ERROR;
goto stream_error;
}

$stream->expectedLength = (int) $length;
$contentLength = $headers["content-length"][0];
if (!\preg_match('/^0|[1-9][0-9]*$/', $contentLength)) {
$error = self::PROTOCOL_ERROR;
goto stream_error;
}

$stream->expectedLength = (int) $contentLength;
}

$this->streamIdMap[\spl_object_hash($request)] = $id;
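Review bot: The pattern carried into the new `preg_match` call, `'/^0|[1-9][0-9]*$/'`, is not grouped, so the alternation reads as `^0` or `[1-9][0-9]*$`, and values such as `0x10` or `abc5` pass validation before the `(int)` cast turns them into 0. The Http1Driver.php hunk in this same commit uses the grouped form, so I would use `'/^(?:0|[1-9][0-9]*)$/'` here as well, so that both drivers accept exactly the same content-length syntax. The enclosing function starts and ends outside the hunk.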