This repository was archived by the owner on Jul 30, 2021. It is now read-only.

Commit 29870c8

committed
Check for duplicate Content-Length headers in requests
If a duplicate Content-Length (CL) header is in the request, we fail the request with a 400 (Bad Request). Also fix a test case that was sending a duplicate CL by mistake and did not fail because of that.
1 parent 85e8468 commit 29870c8


3 files changed

+36
-8
lines changed


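--- a/bin/varnishd/cache_http.c
+++ b/bin/varnishd/cache_http.c
@@ -639,21 +639,32 @@ http_splitline(struct worker *w, int fd, struct http *hp,
 /*--------------------------------------------------------------------*/
 
 static int
-htc_request_check_host_hdr(struct http *hp)
+htc_request_check_hdrs(struct sess *sp, struct http *hp)
 {
 int u;
 int seen_host = 0;
+int seen_cl = 0;
+
 for (u = HTTP_HDR_FIRST; u < hp->nhd; u++) {
 if (hp->hd[u].b == NULL)
 continue;
 AN(hp->hd[u].b);
 AN(hp->hd[u].e);
 if (http_IsHdr(&hp->hd[u], H_Host)) {
 if (seen_host) {
+WSP(sp, SLT_Error, "Duplicated Host header");
 return (400);
 }
 seen_host = 1;
 }
+if (http_IsHdr(&hp->hd[u], H_Content_Length)) {
+if (seen_cl) {
+WSP(sp, SLT_Error,
+"Duplicated Content-Length header");
+return (400);
+}
+seen_cl = 1;
+}
 }
 return (0);
 }
@@ -698,11 +709,7 @@ http_DissectRequest(struct sess *sp)
 }
 http_ProtoVer(hp);
 
-retval = htc_request_check_host_hdr(hp);
-if (retval != 0) {
-WSP(sp, SLT_Error, "Duplicated Host header");
-return (retval);
-}
+retval = htc_request_check_hdrs(sp, hp);
 return (retval);
 }
 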
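Review bot: The new test in htc_request_check_hdrs counts Content-Length header fields only, so a request whose single Content-Length field carries a list of values, or one that sends Content-Length together with Transfer-Encoding, still returns 0 from this function; whether those cases are rejected elsewhere is not visible in this hunk. The function also has no comment saying why duplicates are fatal, and I would add one above it, e.g. `/* Reject repeated Host or Content-Length: the proxy and the backend must agree on routing and on where the body ends. */`, naming where the remaining framing checks live. Note that the loop rejects a repeated Content-Length even when both values are identical, which is the strict choice and worth stating in the same comment. In the second hunk the tail of http_DissectRequest could now be written as `return (htc_request_check_hdrs(sp, hp));`.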
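--- /dev/null
+++ b/bin/varnishtest/tests/b00041.vtc
@@ -0,0 +1,23 @@
+varnishtest "Fail request on duplicate Content-Length headers in requests"
+
+server s1 {
+rxreq
+txresp
+} -start
+
+varnish v1 -vcl+backend {
+sub vcl_deliver {
+if (req.http.foo) {
+set resp.http.Foo = req.http.foo;
+}
+if (req.http.bar) {
+set resp.http.Bar = req.http.bar;
+}
+}
+} -start
+
+client c1 {
+txreq -req POST -hdr "Content-Length: 5" -body "12345"
+rxresp
+expect resp.status == 400
+} -run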
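Review bot: The `txreq` line spells out only one Content-Length header, so the duplicate that triggers the 400 presumably comes from `-body` adding its own; a comment such as `# -body adds a second Content-Length, giving the duplicate under test` would make that dependency visible. Both headers then carry the same value 5, so the case where the two lengths disagree, which is the one that matters for framing between proxy and backend, is not pinned by this test. The `vcl_deliver` block copying `req.http.foo` and `req.http.bar` is not referenced by any expectation here and looks like leftover from another test; dropping it would keep the case minimal.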

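--- a/bin/varnishtest/tests/r00102.vtc
+++ b/bin/varnishtest/tests/r00102.vtc
@@ -17,14 +17,12 @@ varnish v1 -vcl+backend {
 
 client c1 {
 txreq -req POST -url "/" \
--hdr "Content-Length: 10" \
 -body "123456789\n"
 rxresp
 expect resp.status == 200
 expect resp.http.X-Varnish == "1001"
 
 txreq -req POST -url "/" \
--hdr "Content-Length: 10" \
 -body "123456789\n"
 rxresp
 expect resp.status == 200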
