Always close connection after reply if both Content-Length and chucked are used - libmicrohttpd - HTTP/1.x server C library (MHD 1.x, stable)

commit e60c63aff64e87843ab9ab314c370f8017b7e931
parent 1e7ad3010da7d2be1afe219da0ba84dd129f9c4e
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Mon, 19 Dec 2022 18:32:12 +0300

Always close connection after reply if both Content-Length and chucked are used

When both headers are used, the real length of the request may not be
determined unambiguously, the start of the next request is unclear.

Diffstat:
M src/microhttpd/connection.c  | 6 ++++--

1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
@@ -3953,15 +3953,17 @@ parse_connection_headers (struct MHD_Connection *connection)
                                         REQUEST_LENGTH_WITH_TR_ENCODING);
         return;
       }
-#ifdef HAVE_MESSAGES
       else
       {
+        /* Must close connection after reply to prevent potential attack */
+        connection->keepalive = MHD_CONN_MUST_CLOSE;
+#ifdef HAVE_MESSAGES
         MHD_DLOG (connection->daemon,
                   _ ("The 'Content-Length' request header is ignored "
                      "as chunked Transfer-Encoding is used "
                      "for this request.\n"));
-      }
 #endif /* HAVE_MESSAGES */
+      }
     }
     connection->rq.have_chunked_upload = true;
     connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;

	libmicrohttpd HTTP/1.x server C library (MHD 1.x, stable)
	Log \| Files \| Refs \| Submodules \| README \| LICENSE