diff options
| author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2021-06-08 09:51:24 +0300 |
|---|---|---|
| committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2021-06-08 09:54:40 +0300 |
| commit | e8e4d70c4ae517bd95c78d9481261b0110ce241f (patch) | |
| tree | f2647fa14e635382d0e85257ef132f271df4545a | |
| parent | b0400609faa4c00d60a215f29ff3999ee95496f0 (diff) | |
| download | libmicrohttpd-e8e4d70c4ae517bd95c78d9481261b0110ce241f.tar.gz libmicrohttpd-e8e4d70c4ae517bd95c78d9481261b0110ce241f.zip | |
Response: disallow two "Transfer-Encoding" headers
| -rw-r--r-- | src/microhttpd/response.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/microhttpd/response.c b/src/microhttpd/response.c index bf78d735..eb29ab64 100644 --- a/src/microhttpd/response.c +++ b/src/microhttpd/response.c | |||
| @@ -135,18 +135,21 @@ MHD_add_response_header (struct MHD_Response *response, | |||
| 135 | const char *header, | 135 | const char *header, |
| 136 | const char *content) | 136 | const char *content) |
| 137 | { | 137 | { |
| 138 | if ( (MHD_str_equal_caseless_ (header, | 138 | if (MHD_str_equal_caseless_ (header, |
| 139 | MHD_HTTP_HEADER_TRANSFER_ENCODING)) && | 139 | MHD_HTTP_HEADER_TRANSFER_ENCODING)) |
| 140 | (! MHD_str_equal_caseless_ (content, | ||
| 141 | "identity")) && | ||
| 142 | (! MHD_str_equal_caseless_ (content, | ||
| 143 | "chunked")) ) | ||
| 144 | { | 140 | { |
| 141 | /* TODO: remove support for "identity" */ | ||
| 142 | /* Only one "Transfer-Encoding" header is allowed */ | ||
| 143 | if (NULL != | ||
| 144 | MHD_get_response_header (response, MHD_HTTP_HEADER_TRANSFER_ENCODING) ) | ||
| 145 | return MHD_NO; | ||
| 145 | /* Setting transfer encodings other than "identity" or | 146 | /* Setting transfer encodings other than "identity" or |
| 146 | "chunked" is not allowed. Note that MHD will set the | 147 | "chunked" is not allowed. Note that MHD will set the |
| 147 | correct transfer encoding if required automatically. */ | 148 | correct transfer encoding if required automatically. */ |
| 148 | /* NOTE: for compressed bodies, use the "Content-encoding" header */ | 149 | /* NOTE: for compressed bodies, use the "Content-encoding" header */ |
| 149 | return MHD_NO; | 150 | if ( (! MHD_str_equal_caseless_ (content, "identity")) && |
| 151 | (! MHD_str_equal_caseless_ (content, "chunked")) ) | ||
| 152 | return MHD_NO; | ||
| 150 | } | 153 | } |
| 151 | if ( (0 == (MHD_RF_INSANITY_HEADER_CONTENT_LENGTH | 154 | if ( (0 == (MHD_RF_INSANITY_HEADER_CONTENT_LENGTH |
| 152 | & response->flags)) && | 155 | & response->flags)) && |