From 350258965909f249f9c59823aac240313e0d0120 Mon Sep 17 00:00:00 2001

From: Olga Batyshkina <olga.batyshkina@virtual-solution.com>

Date: Wed, 19 Dec 2018 16:02:23 +0100

Subject: [PATCH] Disallow empty Content-Length

PR-URL: https://github.com/nodejs/http-parser/pull/459

Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

---

 http_parser.c | 5 +++++

 test.c        | 7 +++++++

 2 files changed, 12 insertions(+)

diff --git a/http_parser.c b/http_parser.c

index cd5d0d5..228ada5 100644

--- a/http_parser.c

+++ b/http_parser.c

@@ -1740,6 +1740,11 @@ size_t http_parser_execute (http_parser *parser,

             case h_transfer_encoding_chunked:

               parser->flags |= F_CHUNKED;

               break;

+            case h_content_length:

+              /* do not allow empty content length */

+              SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);

+              goto error;

+              break;

             default:

               break;

           }

diff --git a/test.c b/test.c

index 25c8f5f..c3fddd5 100644

--- a/test.c

+++ b/test.c

@@ -4182,6 +4182,13 @@ main (void)

   test_invalid_header_field_token_error(HTTP_RESPONSE);

   test_invalid_header_field_content_error(HTTP_RESPONSE);

+  test_simple_type(

+      "POST / HTTP/1.1\r\n"

+      "Content-Length:\r\n"  // empty

+      "\r\n",

+      HPE_INVALID_CONTENT_LENGTH,

+      HTTP_REQUEST);

+

   test_simple_type(

       "POST / HTTP/1.1\r\n"

       "Content-Length:  42 \r\n"  // Note the surrounding whitespace.