Validate Content-Length headers for incoming requests #3231

Merged
merged 1 commit into from Mar 6, 2018


@bryancall
Contributor

commented Mar 5, 2018

Respond with 400 code when Content-Length headers mismatch, remove
duplicate copies of the Content-Length header with exactly the same values,
and remove Content-Length headers if Transfer-Encoding header exists.

@bryancall bryancall added the HTTP label Mar 5, 2018
@bryancall bryancall added this to the 8.0.0 milestone Mar 5, 2018
@bryancall bryancall self-assigned this Mar 5, 2018
@bryancall bryancall requested a review from zwoop Mar 5, 2018
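
The three rules in the description above, applied to an already-parsed header list, as an added example that is not Traffic Server's code. The `Header` and `Verdict` types, the function names and the order in which the rules run are assumptions of this sketch.

```cpp
#include <cctype>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

using Header = std::pair<std::string, std::string>; // (name, value)
enum class Verdict { Accept, Reject400 };

// HTTP field names are case-insensitive.
static bool name_is(const std::string &name, const std::string &want) {
  if (name.size() != want.size()) return false;
  for (std::size_t i = 0; i < name.size(); ++i)
    if (std::tolower((unsigned char)name[i]) != std::tolower((unsigned char)want[i])) return false;
  return true;
}

// Applies the three rules from the PR description to a parsed request header list.
// Assumption of this sketch: the mismatch check runs before the Transfer-Encoding rule.
Verdict normalize_content_length(std::vector<Header> &hdrs) {
  std::string first;
  bool seen = false, has_te = false;
  for (const auto &h : hdrs) {
    if (name_is(h.first, "Transfer-Encoding")) has_te = true;
    if (!name_is(h.first, "Content-Length")) continue;
    if (seen && h.second != first) return Verdict::Reject400; // conflicting values: answer 400
    first = h.second;
    seen = true;
  }
  std::vector<Header> out;
  bool drop = has_te; // Transfer-Encoding present: drop every Content-Length
  for (auto &h : hdrs) {
    if (name_is(h.first, "Content-Length")) {
      if (drop) continue;
      drop = true; // keep the first copy, drop identical duplicates after it
    }
    out.push_back(std::move(h));
  }
  hdrs = std::move(out);
  return Verdict::Accept;
}

int main() {
  // Constructed sample request headers, not taken from the page.
  std::vector<Header> req = {{"Host", "example.test"}, {"Content-Length", "10"}, {"content-length", "10"}};
  Verdict v = normalize_content_length(req);
  std::printf("%s, %zu headers left\n", v == Verdict::Accept ? "accept" : "400", req.size());
  return 0;
}
```

On `Reject400` the caller answers 400 and does not forward the request, so a downstream server never sees two framing lengths for one message.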
@zwoop

Contributor

commented Mar 5, 2018

[approve ci debian]


if ((content_length_len != content_length_len_2) ||
(memcmp(content_length_val, content_length_val_2, content_length_len) != 0)) {
// Delete the duplicate since it has the same value
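Review bot: The condition on these two lines compares the raw values byte for byte, so two Content-Length values that are numerically equal but written differently (for example `10` and `010`) take the mismatch branch unless they are normalized before this point. If that strictness is intended, state it in the comment under the condition, which currently describes the equal-value case ("Delete the duplicate since it has the same value") and belongs on the other branch.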

@zwoop

zwoop Mar 5, 2018

Contributor

This comment looks wrong? In this case, you are returning a parse error, not removing the dupe, right?

@bryancall

bryancall Mar 5, 2018

Author Contributor

yeah, the comment is wrong

@zwoop zwoop added this to 7.1.3 backport in 7.x releases Mar 5, 2018
@bryancall bryancall force-pushed the content_length branch from dd4f236 to c54b47b Mar 6, 2018
@zwoop
zwoop approved these changes Mar 6, 2018
@bryancall bryancall merged commit 44af6e5 into master Mar 6, 2018
9 checks passed
Jenkins CentOS Build finished.
Jenkins Clang-Analyzer Build finished.
Jenkins Debian Build finished.
Jenkins FreeBSD Build finished.
Jenkins ICC Build finished.
Jenkins RAT Build finished.
Jenkins Ubuntu Build finished.
Jenkins autest Build finished.
Jenkins clang-format Build finished.
@zwoop

Contributor

commented Mar 6, 2018

Cherry-picked to 7.1.x

@zwoop zwoop removed this from 7.1.3 backport in 7.x releases Mar 6, 2018
@zwoop zwoop modified the milestones: 8.0.0, 7.1.3 Mar 6, 2018
@bryancall bryancall deleted the content_length branch Mar 14, 2018