[core] reject empty Content-Length for HTTP/1.x

(thx kenballus) x-ref: "reject empty Content-Length header for HTTP/1.x" https://redmine.lighttpd.net/issues/3219
2023-08-03 00:13:20 -04:00 · 2023-08-03 00:13:20 -04:00 · d71fc70c8d
parent a30858452e
commit d71fc70c8d
2 changed files with 6 additions and 3 deletions
--- a/src/request.c
+++ b/src/request.c
@ -1196,8 +1196,11 @@ static int http_request_parse_headers(request_st * const restrict r, char * cons
        do { --end; } while (end[-1] == ' ' || end[-1] == '\t');

        const int vlen = (int)(end - v);
-        /* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
-        if (vlen <= 0) continue; /* ignore header */
+        if (__builtin_expect( (vlen <= 0), 0)) {
+            if (id == HTTP_HEADER_CONTENT_LENGTH)
+                return http_request_header_line_invalid(r, 400, "invalid Content-Length header -> 400");
+            continue; /* ignore empty header */
+        }

        if (http_header_strict) {
            const char * const x = http_request_check_line_strict(v, vlen);
--- a/src/t/test_request.c
+++ b/src/t/test_request.c
@ -301,7 +301,7 @@ static void test_request_http_request_parse(request_st * const r)
                    "Content-Length: -2\r\n"
                    "\r\n"));

-    run_http_request_parse(r, __LINE__, 411,
+    run_http_request_parse(r, __LINE__, 400,
      "Content-Length is empty",
      CONST_STR_LEN("POST /12345.txt HTTP/1.0\r\n"
                    "Host: 123.example.org\r\n"