From c50b878c15e029111787f6019b46581ecbc30c62 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 29 Nov 2016 16:22:35 +0100
Subject: CONNECT: reject TE or CL in 2xx responses A server MUST NOT send any Transfer-Encoding or Content-Length header fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section 4.3.6) Also fixes the three test cases that did this.
---
lib/http_proxy.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
(limited to 'lib/http_proxy.c')
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index bbe2e8eb1..8ed9d08cb 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -529,6 +529,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 return result;
 }
 else if(checkprefix("Content-Length:", line_start)) {
+ if(k->httpcode/100 == 2) {
+ /* A server MUST NOT send any Transfer-Encoding or
+ Content-Length header fields in a 2xx (Successful)
+ response to CONNECT. (RFC 7231 section 4.3.6) */
+ failf(data, "Content-Length: in %03d response",
+ k->httpcode);
+ return CURLE_RECV_ERROR;
+ }
+
 cl = curlx_strtoofft(line_start + strlen("Content-Length:"), NULL, 10);
 }
@@ -538,6 +547,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 else if(Curl_compareheader(line_start, "Transfer-Encoding:", "chunked")) {
+ if(k->httpcode/100 == 2) {
+ /* A server MUST NOT send any Transfer-Encoding or
+ Content-Length header fields in a 2xx (Successful)
+ response to CONNECT. (RFC 7231 section 4.3.6) */
+ failf(data, "Transfer-Encoding: in %03d response",
+ k->httpcode);
+ return CURLE_RECV_ERROR;
+ }
 infof(data, "CONNECT responded chunked\n");
 chunked_encoding = TRUE;
 /* init our chunky engine */
-- cgit v1.2.3
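Review bot: The rejection block added under the `Content-Length:` branch is repeated almost verbatim, comment included, under the `Transfer-Encoding:` branch in the second hunk, so the two copies of one protocol rule can drift apart when either is edited. Keeping the RFC comment and the `failf`/`return CURLE_RECV_ERROR;` pair in one small static helper that takes the header name would leave a single place to maintain. Both checks also rely on `k->httpcode` already holding the parsed status; it is presumably set from the status line earlier in the loop, but that code is outside the hunk, so a short comment such as `/* httpcode is set from the status line before any header is seen */` would make the dependency explicit. The body of Curl_proxyCONNECT starts and ends outside both hunks.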
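Review bot: The 2xx rejection in the second hunk is only reached when `Curl_compareheader(line_start, "Transfer-Encoding:", "chunked")` matches, so a 2xx CONNECT response whose `Transfer-Encoding:` header names some other coding appears to be accepted. The RFC text quoted in the comment and the commit title cover every Transfer-Encoding field, not just chunked. Testing the header name alone for the 2xx case, for example `else if(k->httpcode/100 == 2 && checkprefix("Transfer-Encoding:", line_start))` placed ahead of this branch with the same `failf` and `return CURLE_RECV_ERROR;`, would close the gap and leave the `chunked` comparison for non-2xx responses. The else-if chain continues outside the hunk, so a later branch may already handle this; worth confirming before changing it.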