aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2016-11-29 16:22:35 +0100
committerDaniel Stenberg <daniel@haxx.se>2016-12-01 16:18:36 +0100
commitc50b878c15e029111787f6019b46581ecbc30c62 (patch)
tree18609b68020901e089b2792f37f5a5c899bf93ef
parentaab33215afb71c52404419bfa0783620a0b5cb75 (diff)
CONNECT: reject TE or CL in 2xx responses
A server MUST NOT send any Transfer-Encoding or Content-Length header fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section 4.3.6) Also fixes the three test cases that did this.
-rw-r--r--lib/http_proxy.c17
-rw-r--r--tests/data/test109712
-rw-r--r--tests/data/test12302
-rw-r--r--tests/data/test15252
4 files changed, 22 insertions, 11 deletions
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index bbe2e8eb1..8ed9d08cb 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -529,6 +529,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
return result;
}
else if(checkprefix("Content-Length:", line_start)) {
+ if(k->httpcode/100 == 2) {
+ /* A server MUST NOT send any Transfer-Encoding or
+ Content-Length header fields in a 2xx (Successful)
+ response to CONNECT. (RFC 7231 section 4.3.6) */
+ failf(data, "Content-Length: in %03d response",
+ k->httpcode);
+ return CURLE_RECV_ERROR;
+ }
+
cl = curlx_strtoofft(line_start +
strlen("Content-Length:"), NULL, 10);
}
@@ -538,6 +547,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
else if(Curl_compareheader(line_start,
"Transfer-Encoding:",
"chunked")) {
+ if(k->httpcode/100 == 2) {
+ /* A server MUST NOT send any Transfer-Encoding or
+ Content-Length header fields in a 2xx (Successful)
+ response to CONNECT. (RFC 7231 section 4.3.6) */
+ failf(data, "Transfer-Encoding: in %03d response",
+ k->httpcode);
+ return CURLE_RECV_ERROR;
+ }
infof(data, "CONNECT responded chunked\n");
chunked_encoding = TRUE;
/* init our chunky engine */
diff --git a/tests/data/test1097 b/tests/data/test1097
index 3b733a55a..7512a2e7d 100644
--- a/tests/data/test1097
+++ b/tests/data/test1097
@@ -15,27 +15,25 @@ HTTP proxy NTLM auth
HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
Content-Length: 27
-
+
This is all fine and dandy
</data>
+# This is the CONNECT response
<connect1001>
HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
-Content-Length: 27
-
-This is all fine and dandy
+
</connect1001>
<datacheck>
HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
-Content-Length: 27
-
+
HTTP/1.1 200 We are fine and cool
Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2
Content-Length: 27
-
+
This is all fine and dandy
</datacheck>
</reply>
diff --git a/tests/data/test1230 b/tests/data/test1230
index 3c1d3d448..ca2f6c67d 100644
--- a/tests/data/test1230
+++ b/tests/data/test1230
@@ -23,14 +23,12 @@ mooooooo
<connect>
HTTP/1.1 200 welcome dear
Date: Thu, 09 Nov 2010 14:49:00 GMT
-Content-Length: 0
</connect>
<datacheck>
HTTP/1.1 200 welcome dear
Date: Thu, 09 Nov 2010 14:49:00 GMT
-Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
diff --git a/tests/data/test1525 b/tests/data/test1525
index 0560d5c1a..595da5ea9 100644
--- a/tests/data/test1525
+++ b/tests/data/test1525
@@ -14,7 +14,6 @@ CURLOPT_PROXYHEADER
<reply>
<connect>
HTTP/1.1 200 OK
-Content-Length: 17
</connect>
<data>
@@ -26,7 +25,6 @@ ETag: "21025-dc7-39462498"
</data>
<datacheck>
HTTP/1.1 200 OK
-Content-Length: 17
HTTP/1.1 200 OK swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT