Reject Transfer-Encoding in pre-HTTP/1.1 requests

author Brian Neradt <brian.neradt@gmail.com>

Sat, 21 May 2022 17:28:31 +0000 (18:28 +0100)

committer Jean Baptiste Favre <debian@jbfavre.org>

Sat, 21 May 2022 17:28:31 +0000 (18:28 +0100)
author Brian Neradt <brian.neradt@gmail.com>
Sat, 21 May 2022 17:28:31 +0000 (18:28 +0100)
committer Jean Baptiste Favre <debian@jbfavre.org>
Sat, 21 May 2022 17:28:31 +0000 (18:28 +0100)
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc

index b34d1f028ed54d77274fec0764ad02e4a579b2c3..113c8018bb5844d00cb49e5559303c253a96a356 100644 (file)
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -5174,6 +5174,17 @@ HttpTransact::check_request_validity(State *s, HTTPHdr *incoming_hdr)
        return BAD_CONNECT_PORT;
      }
  
+    if (s->client_info.transfer_encoding == CHUNKED_ENCODING && incoming_hdr->version_get() < HTTPVersion(1, 1)) {
+      // Per spec, Transfer-Encoding is only supported in HTTP/1.1. For earlier
+      // versions, we must reject Transfer-Encoding rather than interpret it
+      // since downstream proxies may ignore the chunk header and rely upon the
+      // Content-Length, or interpret the body some other way. These
+      // differences in interpretation may open up the door to compatibility
+      // issues. To protect against this, we reply with a 4xx if the client
+      // uses Transfer-Encoding with HTTP versions that do not support it.
+      return UNACCEPTABLE_TE_REQUIRED;
+    }
+
      // Require Content-Length/Transfer-Encoding for POST/PUSH/PUT
      if ((scheme == URL_WKSIDX_HTTP || scheme == URL_WKSIDX_HTTPS) &&
          (method == HTTP_WKSIDX_POST || method == HTTP_WKSIDX_PUSH || method == HTTP_WKSIDX_PUT) &&
author	Brian Neradt <brian.neradt@gmail.com>
	Sat, 21 May 2022 17:28:31 +0000 (18:28 +0100)
committer	Jean Baptiste Favre <debian@jbfavre.org>
	Sat, 21 May 2022 17:28:31 +0000 (18:28 +0100)