Skip to content

Commit

Permalink
fix(http1): fix server misinterpretting multiple Transfer-Encoding he…
Browse files Browse the repository at this point in the history
…aders

When a request arrived with multiple `Transfer-Encoding` headers, hyper
would check each if they ended with `chunked`. It should have only
checked if the *last* header ended with `chunked`.

See GHSA-6hfq-h8hq-87mf
  • Loading branch information
amousset authored and seanmonstar committed Feb 17, 2021
1 parent a115c30 commit f605125
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/proto/h1/role.rs
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,8 @@ impl Http1Transaction for Server {
if headers::is_chunked_(&value) {
is_te_chunked = true;
decoder = DecodedLength::CHUNKED;
} else {
is_te_chunked = false;
}
},
header::CONTENT_LENGTH => {
Expand Down Expand Up @@ -1226,6 +1228,15 @@ mod tests {
\r\n\
", "transfer-encoding doesn't end in chunked");

parse_err(
"\
POST / HTTP/1.1\r\n\
transfer-encoding: chunked\r\n\
transfer-encoding: afterlol\r\n\
\r\n\
",
"transfer-encoding multiple lines doesn't end in chunked",
);

// http/1.0

Expand Down

0 comments on commit f605125

Please sign in to comment.