diff options
| author | Yann Ylavic <ylavic@apache.org> | 2020-06-30 18:05:56 +0200 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2020-06-30 18:05:56 +0200 |
| commit | c7972307ee1c89e6efe8091e332a4f618b7d5d43 (patch) | |
| tree | 958027f86bda2ed36c5693fcbc565631790a4e6b /server/protocol.c | |
| parent | Travis changes: (diff) | |
| download | apache2-c7972307ee1c89e6efe8091e332a4f618b7d5d43.tar.xz apache2-c7972307ee1c89e6efe8091e332a4f618b7d5d43.zip | |
Follow up to r1877955: don't reuse the connection for mixed C-L / T-E requests
Disable keepalive on the connection if we received both Content-Length and
chunked Transfer-Encoding in the request, to avoid confusion with front
intermediaries and potential further request/response splitting.
This is what we do already for mod_proxy backend connections in the same case.
While at it, replace draft httpbis links with final RFC7230's.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879373 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/protocol.c')
| -rw-r--r-- | server/protocol.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/server/protocol.c b/server/protocol.c index b1f1974cf8..626560a64f 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -1534,7 +1534,7 @@ request_rec *ap_read_request(conn_rec *conn) tenc = apr_table_get(r->headers_in, "Transfer-Encoding"); if (tenc) { - /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23 + /* https://tools.ietf.org/html/rfc7230 * Section 3.3.3.3: "If a Transfer-Encoding header field is * present in a request and the chunked transfer coding is not * the final encoding ...; the server MUST respond with the 400 @@ -1548,13 +1548,20 @@ request_rec *ap_read_request(conn_rec *conn) goto die_unusable_input; } - /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23 + /* https://tools.ietf.org/html/rfc7230 * Section 3.3.3.3: "If a message is received with both a * Transfer-Encoding and a Content-Length header field, the * Transfer-Encoding overrides the Content-Length. ... A sender * MUST remove the received Content-Length field". */ - apr_table_unset(r->headers_in, "Content-Length"); + if (clen) { + apr_table_unset(r->headers_in, "Content-Length"); + + /* Don't reuse this connection anyway to avoid confusion with + * intermediaries and request/reponse spltting. + */ + conn->keepalive = AP_CONN_CLOSE; + } } } |