author | Daniel Stenberg <daniel@haxx.se> | 2016-11-29 16:22:35 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-12-01 16:18:36 +0100 |
commit | c50b878c15e029111787f6019b46581ecbc30c62 (patch) | |
tree | 18609b68020901e089b2792f37f5a5c899bf93ef | |
parent | aab33215afb71c52404419bfa0783620a0b5cb75 (diff) |
CONNECT: reject TE or CL in 2xx responses
A server MUST NOT send any Transfer-Encoding or Content-Length header
fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section
4.3.6)
Also fixes the three test cases that did this.
-rw-r--r-- | lib/http_proxy.c | 17 | ||||
-rw-r--r-- | tests/data/test1097 | 12 | ||||
-rw-r--r-- | tests/data/test1230 | 2 | ||||
-rw-r--r-- | tests/data/test1525 | 2 |
4 files changed, 22 insertions, 11 deletions
diff --git a/lib/http_proxy.c b/lib/http_proxy.c index bbe2e8eb1..8ed9d08cb 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -529,6 +529,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn, return result; } else if(checkprefix("Content-Length:", line_start)) { + if(k->httpcode/100 == 2) { + /* A server MUST NOT send any Transfer-Encoding or + Content-Length header fields in a 2xx (Successful) + response to CONNECT. (RFC 7231 section 4.3.6) */ + failf(data, "Content-Length: in %03d response", + k->httpcode); + return CURLE_RECV_ERROR; + } + cl = curlx_strtoofft(line_start + strlen("Content-Length:"), NULL, 10); } @@ -538,6 +547,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn, else if(Curl_compareheader(line_start, "Transfer-Encoding:", "chunked")) { + if(k->httpcode/100 == 2) { + /* A server MUST NOT send any Transfer-Encoding or + Content-Length header fields in a 2xx (Successful) + response to CONNECT. (RFC 7231 section 4.3.6) */ + failf(data, "Transfer-Encoding: in %03d response", + k->httpcode); + return CURLE_RECV_ERROR; + } infof(data, "CONNECT responded chunked\n"); chunked_encoding = TRUE; /* init our chunky engine */ diff --git a/tests/data/test1097 b/tests/data/test1097 index 3b733a55a..7512a2e7d 100644 --- a/tests/data/test1097 +++ b/tests/data/test1097 @@ -15,27 +15,25 @@ HTTP proxy NTLM auth HTTP/1.1 200 We are fine and cool
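Review bot: The new `k->httpcode/100 == 2` check under `checkprefix("Content-Length:", line_start)` aborts with `CURLE_RECV_ERROR`, but RFC 7231 section 4.3.6, cited in the added comment, also says a client MUST ignore Content-Length and Transfer-Encoding in a successful CONNECT response. Ignoring the header should address the same framing ambiguity, since `cl` would then never be set from a 2xx response, and it avoids failing against proxies that still send it. I would log instead, `infof(data, "Ignoring Content-Length in CONNECT %03d response\n", k->httpcode);`, and move the `curlx_strtoofft()` assignment to `cl` into an `else`. The same applies to the Transfer-Encoding branch in the second hunk. Curl_proxyCONNECT starts and ends outside both hunks, so the effect on the rest of the response loop should be confirmed there.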
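Review bot: The 2xx rejection in the second hunk sits inside the `Curl_compareheader(line_start, "Transfer-Encoding:", "chunked")` branch, so it fires only for a chunked value, while the comment and the `failf` text speak of any Transfer-Encoding header. A 2xx CONNECT response carrying a different Transfer-Encoding value passes without a message. If that is intended because only chunked changes how this function frames the response, the comment should say so, e.g. `/* only "chunked" is checked: it is the one coding that alters framing here */`. The diffstat also shows no new test data for the error path: three fixtures are edited to stop sending Content-Length, but nothing visible asserts how a 2xx CONNECT reply with either header is handled.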
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
Content-Length: 27
- +
This is all fine and dandy </data> +# This is the CONNECT response <connect1001> HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
-Content-Length: 27
- -This is all fine and dandy +
</connect1001> <datacheck> HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
-Content-Length: 27
- +
HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
Content-Length: 27
- +
This is all fine and dandy </datacheck> </reply> diff --git a/tests/data/test1230 b/tests/data/test1230 index 3c1d3d448..ca2f6c67d 100644 --- a/tests/data/test1230 +++ b/tests/data/test1230 @@ -23,14 +23,12 @@ mooooooo <connect> HTTP/1.1 200 welcome dear
Date: Thu, 09 Nov 2010 14:49:00 GMT
-Content-Length: 0
</connect> <datacheck> HTTP/1.1 200 welcome dear
Date: Thu, 09 Nov 2010 14:49:00 GMT
-Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
diff --git a/tests/data/test1525 b/tests/data/test1525 index 0560d5c1a..595da5ea9 100644 --- a/tests/data/test1525 +++ b/tests/data/test1525 @@ -14,7 +14,6 @@ CURLOPT_PROXYHEADER <reply> <connect> HTTP/1.1 200 OK
-Content-Length: 17
</connect> <data> @@ -26,7 +25,6 @@ ETag: "21025-dc7-39462498" </data> <datacheck> HTTP/1.1 200 OK
-Content-Length: 17
HTTP/1.1 200 OK swsclose Date: Thu, 09 Nov 2010 14:49:00 GMT |