Skip to content

Commit

Permalink
fix(http1): fix server misinterpretting multiple Transfer-Encoding he…
Browse files Browse the repository at this point in the history
…aders

When a request arrived with multiple `Transfer-Encoding` headers, hyper
would check each if they ended with `chunked`. It should have only
checked if the *last* header ended with `chunked`.

See GHSA-6hfq-h8hq-87mf
  • Loading branch information
seanmonstar committed Feb 5, 2021
1 parent 42560c7 commit 6d9e5f9
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions src/proto/h1/role.rs
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,8 @@ impl Http1Transaction for Server {
if headers::is_chunked_(&value) {
is_te_chunked = true;
decoder = DecodedLength::CHUNKED;
} else {
is_te_chunked = false;
}
}
header::CONTENT_LENGTH => {
Expand Down Expand Up @@ -1334,6 +1336,16 @@ mod tests {
"transfer-encoding doesn't end in chunked",
);

parse_err(
"\
POST / HTTP/1.1\r\n\
transfer-encoding: chunked\r\n\
transfer-encoding: afterlol\r\n\
\r\n\
",
"transfer-encoding multiple lines doesn't end in chunked",
);

// http/1.0

assert_eq!(
Expand Down

0 comments on commit 6d9e5f9

Please sign in to comment.