From 3fc7a1c74b2f8cd5e6c97d426fce54afb08cb3e0 Mon Sep 17 00:00:00 2001
From: yasuoka <yasuoka@openbsd.org>
Date: Wed, 21 Sep 2022 05:55:18 +0000
Subject: [PATCH] Default request message body size should be 0.

ok claudio
---
 usr.sbin/httpd/server_http.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 8e8ab94bfeb..08deda7d5f0 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: server_http.c,v 1.152 2022/09/01 20:36:25 tb Exp $	*/
+/*	$OpenBSD: server_http.c,v 1.153 2022/09/21 05:55:18 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2020 Matthias Pressfreund <mpfr@fn.de>
@@ -474,12 +474,9 @@ server_read_http(struct bufferevent *bev, void *arg)
 			/* HTTP request payload */
 			if (clt->clt_toread > 0)
 				bev->readcb = server_read_httpcontent;
-
-			/* Single-pass HTTP body */
-			if (clt->clt_toread < 0) {
-				clt->clt_toread = TOREAD_UNLIMITED;
-				bev->readcb = server_read;
-			}
+			if (clt->clt_toread < 0 && !desc->http_chunked)
+				/* 7. of RFC 9112 Section 6.3 */
+				clt->clt_toread = 0;
 			break;
 		default:
 			server_abort_http(clt, 405, "method not allowed");
-- 
2.20.1