Check for duplicate Content-Length headers in requests
If a duplicate CL header is in the request, we fail the request with a
400 (Bad Request)

Fix a test case that was sending duplicate CL by mistake and would
not fail because of that.
mbgrydeland committed Mar 16, 2015
1 parent 85e8468 commit 29870c8
Showing 3 changed files with 36 additions and 8 deletions.
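--- a/bin/varnishd/cache_http.c
+++ b/bin/varnishd/cache_http.c
@@ -639,21 +639,32 @@ http_splitline(struct worker *w, int fd, struct http *hp,
 /*--------------------------------------------------------------------*/
 
 static int
-htc_request_check_host_hdr(struct http *hp)
+htc_request_check_hdrs(struct sess *sp, struct http *hp)
 {
 int u;
 int seen_host = 0;
+int seen_cl = 0;
+
 for (u = HTTP_HDR_FIRST; u < hp->nhd; u++) {
 if (hp->hd[u].b == NULL)
 continue;
 AN(hp->hd[u].b);
 AN(hp->hd[u].e);
 if (http_IsHdr(&hp->hd[u], H_Host)) {
 if (seen_host) {
+WSP(sp, SLT_Error, "Duplicated Host header");
 return (400);
 }
 seen_host = 1;
 }
+if (http_IsHdr(&hp->hd[u], H_Content_Length)) {
+if (seen_cl) {
+WSP(sp, SLT_Error,
+"Duplicated Content-Length header");
+return (400);
+}
+seen_cl = 1;
+}
 }
 return (0);
 }
@@ -698,11 +709,7 @@ http_DissectRequest(struct sess *sp)
 }
 http_ProtoVer(hp);
 
-retval = htc_request_check_host_hdr(hp);
-if (retval != 0) {
-WSP(sp, SLT_Error, "Duplicated Host header");
-return (retval);
-}
+retval = htc_request_check_hdrs(sp, hp);
 return (retval);
 }
 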
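Review bot: The new Content-Length branch in `htc_request_check_hdrs` counts header lines by name only, so it rejects two separate Content-Length lines but, as far as this hunk shows, does not look at the field value or at other framing headers. A single line carrying a list value, or a request that has both Content-Length and Transfer-Encoding, would still return 0 from this loop. Whether those are rejected elsewhere is not visible on this page and is worth confirming, since a front end and a backend that disagree on body length is the condition this check exists to prevent. I would also give the function a header comment stating its contract, for example `/* Return 400 and log SLT_Error if the request has more than one Host or Content-Length header line, else 0. */`.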
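--- /dev/null
+++ b/bin/varnishtest/tests/b00041.vtc
@@ -0,0 +1,23 @@
+varnishtest "Fail request on duplicate Content-Length headers in requests"
+
+server s1 {
+rxreq
+txresp
+} -start
+
+varnish v1 -vcl+backend {
+sub vcl_deliver {
+if (req.http.foo) {
+set resp.http.Foo = req.http.foo;
+}
+if (req.http.bar) {
+set resp.http.Bar = req.http.bar;
+}
+}
+} -start
+
+client c1 {
+txreq -req POST -hdr "Content-Length: 5" -body "12345"
+rxresp
+expect resp.status == 400
+} -run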
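Review bot: Nothing in the `client c1` block says where the second Content-Length comes from. The duplicate only exists because `txreq -body` adds its own Content-Length next to the explicit `-hdr`, which is the same implicit behaviour that, per the commit message, hid the mistake in r00102.vtc. A comment above the `txreq` line such as `# -body adds a Content-Length of its own, so the explicit -hdr makes a duplicate` would keep a later cleanup from removing the header as redundant. The `vcl_deliver` block copying `req.http.foo` and `req.http.bar` is not exercised by any request in this test and could be dropped.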
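--- a/bin/varnishtest/tests/r00102.vtc
+++ b/bin/varnishtest/tests/r00102.vtc
@@ -17,14 +17,12 @@ varnish v1 -vcl+backend {
 
 client c1 {
 txreq -req POST -url "/" \
--hdr "Content-Length: 10" \
 -body "123456789\n"
 rxresp
 expect resp.status == 200
 expect resp.http.X-Varnish == "1001"
 
 txreq -req POST -url "/" \
--hdr "Content-Length: 10" \
 -body "123456789\n"
 rxresp
 expect resp.status == 200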
