From fbecb26eecea888ccdfdbd408b92e341e6003ea7 Mon Sep 17 00:00:00 2001 From: Nazar Leush Date: Wed, 4 Oct 2017 16:33:37 +0300 Subject: [PATCH] Fix duplicate Content-Length header with same values Throw error only if values are different. Known issues: https://github.com/request/request/issues/2091#issuecomment-328715113 https://github.com/nodejs/node/issues/6517#issuecomment-216263771 Test url with duplicate headers: https://bazimag.com/article/6989-the-evil-within-2-preview --- http-parser.js | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/http-parser.js b/http-parser.js index 03caa04..1f2e832 100644 --- a/http-parser.js +++ b/http-parser.js @@ -279,17 +279,27 @@ HTTPParser.prototype.HEADER = function () { } else { var headers = info.headers; var hasContentLength = false; + var currentContentLengthValue; for (var i = 0; i < headers.length; i += 2) { switch (headers[i].toLowerCase()) { case 'transfer-encoding': this.isChunked = headers[i + 1].toLowerCase() === 'chunked'; break; case 'content-length': + currentContentLengthValue = +headers[i + 1]; if (hasContentLength) { - throw parseErrorCode('HPE_UNEXPECTED_CONTENT_LENGTH'); + // Fix duplicate Content-Length header with same values. + // Throw error only if values are different. + // Known issues: + // https://github.com/request/request/issues/2091#issuecomment-328715113 + // https://github.com/nodejs/node/issues/6517#issuecomment-216263771 + if (currentContentLengthValue !== this.body_bytes) { + throw parseErrorCode('HPE_UNEXPECTED_CONTENT_LENGTH'); + } + } else { + hasContentLength = true; + this.body_bytes = currentContentLengthValue; } - hasContentLength = true; - this.body_bytes = +headers[i + 1]; break; case 'connection': this.connection += headers[i + 1].toLowerCase();