[libmicrohttpd] 01/05: Always close connection after reply if both Content-Length and chucked are used

[gnunet]

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit e60c63aff64e87843ab9ab314c370f8017b7e931
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Mon Dec 19 18:32:12 2022 +0300

    Always close connection after reply if both Content-Length and chucked are 
used
    
    When both headers are used, the real length of the request may not be
    determined unambiguously, the start of the next request is unclear.
---
 src/microhttpd/connection.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 16c5fb93..e6c93f25 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -3953,15 +3953,17 @@ parse_connection_headers (struct MHD_Connection 
*connection)
                                         REQUEST_LENGTH_WITH_TR_ENCODING);
         return;
       }
-#ifdef HAVE_MESSAGES
       else
       {
+        /* Must close connection after reply to prevent potential attack */
+        connection->keepalive = MHD_CONN_MUST_CLOSE;
+#ifdef HAVE_MESSAGES
         MHD_DLOG (connection->daemon,
                   _ ("The 'Content-Length' request header is ignored "
                      "as chunked Transfer-Encoding is used "
                      "for this request.\n"));
-      }
 #endif /* HAVE_MESSAGES */
+      }
     }
     connection->rq.have_chunked_upload = true;
     connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.