From: Bryan Call Date: Sat, 21 May 2022 19:14:28 +0000 (+0100) Subject: Fix for CVE-2020-1944 X-Git-Tag: archive/raspbian/8.0.2+ds-1+rpi1+deb10u6^2~12 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4c8093132ba994f0fe46e04aeba243276cda4b2f;p=trafficserver.git Fix for CVE-2020-1944 Origin: backport Applied-Upstream: https://github.com/apache/trafficserver/pull/6390 Last-Update: 2020-04-16 Last-Update: 2020-04-16 Gbp-Pq: Name 0016-CVE-2020-1944.patch
---
diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc
index 3858bd0c..448eb443 100644
--- a/proxy/hdrs/HTTP.cc
+++ b/proxy/hdrs/HTTP.cc
@@ -1125,19 +1125,18 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const
 end = real_end;
 parser->m_parsing_http = false;
-
- ParseResult ret = mime_parser_parse(&parser->m_mime_parser, heap, hh->m_fields_impl, start, end, must_copy_strings, eof);
- // If we're done with the main parse do some validation
- if (ret == PARSE_RESULT_DONE) {
- ret = validate_hdr_host(hh); // check HOST header
- }
- if (ret == PARSE_RESULT_DONE) {
- ret = validate_hdr_content_length(heap, hh);
- }
- return ret;
 }
- return mime_parser_parse(&parser->m_mime_parser, heap, hh->m_fields_impl, start, end, must_copy_strings, eof);
+ ParseResult ret =
+ mime_parser_parse(&parser->m_mime_parser, heap, hh->m_fields_impl, start, end, must_copy_strings, eof);
+ // If we're done with the main parse do some validation
+ if (ret == PARSE_RESULT_DONE) {
+ ret = validate_hdr_host(hh); // check HOST header
+ }
+ if (ret == PARSE_RESULT_DONE) {
+ ret = validate_hdr_content_length(heap, hh);
+ }
+ return ret;
 }
 ParseResult
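Review bot: The comment kept above the moved checks, `// If we're done with the main parse do some validation`, does not record why they now sit after the `}` that closes the first block. Judging from the removed lines, a header section that completed through the bare `return mime_parser_parse(...)` path skipped `validate_hdr_host` and `validate_hdr_content_length` entirely. I would replace the comment with `// Validate on every completion path: the headers may finish on a later call than the request line, and skipping these checks leaves Transfer-Encoding/Content-Length conflicts in place.` No test is visible in this patch; a regression test that feeds the request line and the headers in separate calls would pin the behaviour. The function starts above the hunk, so the condition guarding the first block is not visible here.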
@@ -1189,7 +1188,7 @@ validate_hdr_content_length(HdrHeap *heap, HTTPHdrImpl *hh)
 if (mime_hdr_field_find(hh->m_fields_impl, MIME_FIELD_TRANSFER_ENCODING, MIME_LEN_TRANSFER_ENCODING) != nullptr) {
 // Delete all Content-Length headers
 Debug("http", "Transfer-Encoding header and Content-Length headers the request, removing all Content-Length headers");
- mime_hdr_field_delete(heap, hh->m_fields_impl, content_length_field);
+ mime_hdr_field_delete(heap, hh->m_fields_impl, content_length_field, true);
 return PARSE_RESULT_DONE;
 }
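Review bot: The bare `true` added to the `mime_hdr_field_delete` call is the whole fix in this hunk, yet nothing on the line says what it selects. I would write it as `mime_hdr_field_delete(heap, hh->m_fields_impl, content_length_field, true /* delete_all_dups */);` so a later cleanup does not drop the argument and go back to removing only the first Content-Length field; the parameter name is from the upstream declaration as I recall it, so confirm it against the header. A short why-comment above the call would also help, for example `// A Content-Length left next to Transfer-Encoding lets the next hop frame the message differently`. The enclosing function continues outside the hunk.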