forked/hyper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(http1): fix server misinterpretting multiple Transfer-Encoding headers

Browse Source 
When a request arrived with multiple `Transfer-Encoding` headers, hyper
would check each if they ended with `chunked`. It should have only
checked if the *last* header ended with `chunked`.

See https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
This commit is contained in:
Sean McArthur
2021-02-05 13:27:30 -08:00
parent 4d2125c67c
commit 8f93123efe
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/proto/h1/role.rs
View File

@@ -213,6 +213,8 @@ impl Http1Transaction for Server {
if headers::is_chunked_(&value) { if headers::is_chunked_(&value) {
is_te_chunked = true; is_te_chunked = true;
decoder = DecodedLength::CHUNKED; decoder = DecodedLength::CHUNKED;
} else {
is_te_chunked = false;
} }
} }
header::CONTENT_LENGTH => { header::CONTENT_LENGTH => {
@@ -1444,6 +1446,16 @@ mod tests {
"transfer-encoding doesn't end in chunked", "transfer-encoding doesn't end in chunked",
); );
parse_err(
"\
POST / HTTP/1.1\r\n\
transfer-encoding: chunked\r\n\
transfer-encoding: afterlol\r\n\
\r\n\
",
"transfer-encoding multiple lines doesn't end in chunked",
);
// http/1.0 // http/1.0
assert_eq!( assert_eq!(