Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Make auto_cl more selective based on HTTP method #11945
According to https://tools.ietf.org/html/rfc7230#section-3.3.2, a zero content-length is valid for some kinds of HTTP methods.
Instead of implicitly disabling auto_cl if there is no actual content, only disable auto_cl default for HTTP methods where semantics of the message do not anticipate any content. This can still be overridden by a caller if it still wants to add an empty content-length for HTTP methods where it does not normally make sense (e.g. if it exploits a bug.)
Based on comments from #11937. @sempervictus does this look more in line with what you're thinking? There is not a way in packet.rb to disable auto_cl based on method because that is only defined in the child class.
Update: Looks like the first required use of 0-byte Content-Length required is in Meterpreter itself. This patch also fixes a regression in reverse_http/s transports which use it.