From 350258965909f249f9c59823aac240313e0d0120 Mon Sep 17 00:00:00 2001
From: Olga Batyshkina <olga.batyshkina@virtual-solution.com>
Date: Wed, 19 Dec 2018 16:02:23 +0100
Subject: [PATCH] Disallow empty Content-Length

PR-URL: https://github.com/nodejs/http-parser/pull/459
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
---
 http_parser.c | 5 +++++
 test.c        | 7 +++++++
 2 files changed, 12 insertions(+)

diff --git a/http_parser.c b/http_parser.c
index cd5d0d5..228ada5 100644
--- a/http_parser.c
+++ b/http_parser.c
@@ -1740,6 +1740,11 @@ size_t http_parser_execute (http_parser *parser,
             case h_transfer_encoding_chunked:
               parser->flags |= F_CHUNKED;
               break;
+            case h_content_length:
+              /* do not allow empty content length */
+              SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
+              goto error;
+              break;
             default:
               break;
           }
diff --git a/test.c b/test.c
index 25c8f5f..c3fddd5 100644
--- a/test.c
+++ b/test.c
@@ -4182,6 +4182,13 @@ main (void)
   test_invalid_header_field_token_error(HTTP_RESPONSE);
   test_invalid_header_field_content_error(HTTP_RESPONSE);
 
+  test_simple_type(
+      "POST / HTTP/1.1\r\n"
+      "Content-Length:\r\n"  // empty
+      "\r\n",
+      HPE_INVALID_CONTENT_LENGTH,
+      HTTP_REQUEST);
+
   test_simple_type(
       "POST / HTTP/1.1\r\n"
       "Content-Length:  42 \r\n"  // Note the surrounding whitespace.