Do not silently accept multiple Content-Length headers.

author florian <florian@openbsd.org>

Wed, 8 Apr 2015 19:39:29 +0000 (19:39 +0000)

committer florian <florian@openbsd.org>

Wed, 8 Apr 2015 19:39:29 +0000 (19:39 +0000)
author florian <florian@openbsd.org>
Wed, 8 Apr 2015 19:39:29 +0000 (19:39 +0000)
committer florian <florian@openbsd.org>
Wed, 8 Apr 2015 19:39:29 +0000 (19:39 +0000)
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c

index b63fc22..975f878 100644 (file)
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: server_http.c,v 1.75 2015/02/23 18:43:18 reyk Exp $   */
+/*     $OpenBSD: server_http.c,v 1.76 2015/04/08 19:39:29 florian Exp $        */
  
  /*
   * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -339,6 +339,11 @@ server_read_http(struct bufferevent *bev, void *arg)
                          * the carriage return? And some browsers seem to
                          * include the line length in the content-length.
                          */
+                       if (clt->clt_toread != 0) {
+                               /* We already read Content-Length */
+                               server_abort_http(clt, 400, errstr);
+                               goto abort;
+                       }
                         clt->clt_toread = strtonum(value, 0, LLONG_MAX,
                             &errstr);
                         if (errstr) {
author	florian <florian@openbsd.org>
	Wed, 8 Apr 2015 19:39:29 +0000 (19:39 +0000)
committer	florian <florian@openbsd.org>
	Wed, 8 Apr 2015 19:39:29 +0000 (19:39 +0000)