author | Yann Ylavic <ylavic@apache.org> | 2020-06-30 16:18:22 +0200 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2020-06-30 16:18:22 +0200 |
commit | 588164dbd0685d3ce366d483b285f57e468b34cf (patch) | |
tree | 73d23304bc57fe741a1a67db04c22e8575ed4543 /server | |
parent | Add Travis jobs to test shared-MPMs under APR pool-debug with both event and ... (diff) | |
Follow up to r1877955: always validate the Content-Length
even if it is to be ignored because of RFC7230 section 3.3.3 requirements.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879369 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
-rw-r--r-- | server/protocol.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/server/protocol.c b/server/protocol.c
index 7b2449650f..b1f1974cf8 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1519,6 +1519,19 @@ request_rec *ap_read_request(conn_rec *conn)
 goto die_unusable_input;
 }
 
+ clen = apr_table_get(r->headers_in, "Content-Length");
+ if (clen) {
+ apr_off_t cl;
+
+ if (!ap_parse_strict_length(&cl, clen)) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242)
+ "client sent invalid Content-Length "
+ "(%s): %s", clen, r->uri);
+ access_status = HTTP_BAD_REQUEST;
+ goto die_unusable_input;
+ }
+ }
+
 tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
 if (tenc) {
 /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23
@@ -1543,17 +1556,6 @@ request_rec *ap_read_request(conn_rec *conn)
 */
 apr_table_unset(r->headers_in, "Content-Length");
 }
- else if ((clen = apr_table_get(r->headers_in, "Content-Length"))) {
- apr_off_t cl;
-
- if (!ap_parse_strict_length(&cl, clen)) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242)
- "client sent invalid Content-Length "
- "(%s): %s", clen, r->uri);
- access_status = HTTP_BAD_REQUEST;
- goto die_unusable_input;
- }
- }
 }
 
 /* |
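Review bot: The new `if (clen)` block in the first hunk has no comment explaining why Content-Length is parsed ahead of the Transfer-Encoding branch, although `cl` is never read afterwards and that branch may then unset the header. The reason is given only in the commit message, so a later cleanup could easily fold the check back into an `else if`. I would put `/* Always validate Content-Length, even when Transfer-Encoding makes it ignored below (RFC 7230 section 3.3.3). */` directly above `clen = apr_table_get(...)`. Separately, the rejection is logged at `APLOG_DEBUG`, so under a less verbose LogLevel a 400 for a malformed Content-Length sent alongside Transfer-Encoding leaves no error-log entry; it may be worth weighing `APLOG_INFO` for this path. ap_read_request starts and ends outside the hunk.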