[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 01/05: Always close connection after reply if both Conte
From: |
gnunet |
Subject: |
[libmicrohttpd] 01/05: Always close connection after reply if both Content-Length and chucked are used |
Date: |
Thu, 22 Dec 2022 18:18:31 +0100 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit e60c63aff64e87843ab9ab314c370f8017b7e931
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Mon Dec 19 18:32:12 2022 +0300
Always close connection after reply if both Content-Length and chucked are
used
When both headers are used, the real length of the request may not be
determined unambiguously, the start of the next request is unclear.
---
src/microhttpd/connection.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 16c5fb93..e6c93f25 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -3953,15 +3953,17 @@ parse_connection_headers (struct MHD_Connection
*connection)
REQUEST_LENGTH_WITH_TR_ENCODING);
return;
}
-#ifdef HAVE_MESSAGES
else
{
+ /* Must close connection after reply to prevent potential attack */
+ connection->keepalive = MHD_CONN_MUST_CLOSE;
+#ifdef HAVE_MESSAGES
MHD_DLOG (connection->daemon,
_ ("The 'Content-Length' request header is ignored "
"as chunked Transfer-Encoding is used "
"for this request.\n"));
- }
#endif /* HAVE_MESSAGES */
+ }
}
connection->rq.have_chunked_upload = true;
connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (1e7ad301 -> 4dadf8ec), gnunet, 2022/12/22
- [libmicrohttpd] 01/05: Always close connection after reply if both Content-Length and chucked are used,
gnunet <=
- [libmicrohttpd] 02/05: connection.c: cosmetics, gnunet, 2022/12/22
- [libmicrohttpd] 05/05: Updated parsing of cookies, reject cookie completely if discipline is very strict, gnunet, 2022/12/22
- [libmicrohttpd] 04/05: Updated W32 resources file, gnunet, 2022/12/22
- [libmicrohttpd] 03/05: Added new daemon option MHD_OPTION_CLIENT_DISCIPLINE_LV, gnunet, 2022/12/22