[4.0] c0de2e8 Fail requests on duplicate CL headers

Martin Blix Grydeland martin at varnish-software.com
Mon Mar 16 16:11:00 CET 2015 

commit c0de2e8b7b1bf3591ac995ce4e8d9a7607ddca58
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date:   Mon Mar 16 15:20:42 2015 +0100

    Fail requests on duplicate CL headers
    
    Fix up a test case that ended sending duplicate headers by misstake

diff --git a/bin/varnishd/cache/cache_http1_proto.c b/bin/varnishd/cache/cache_http1_proto.c
index 2c4eab3..7247fac 100644
--- a/bin/varnishd/cache/cache_http1_proto.c
+++ b/bin/varnishd/cache/cache_http1_proto.c
@@ -416,6 +416,11 @@ HTTP1_DissectRequest(struct req *req)
 		return (400);
 	}
 
+	if (http_CountHdr(hp, H_Content_Length) > 1) {
+		VSLb(hp->vsl, SLT_Error, "Duplicate Content-Length header");
+		return (400);
+	}
+
 	/* RFC2616, section 5.2, point 1 */
 	if (!strncasecmp(hp->hd[HTTP_HDR_URL].b, "http://", 7)) {
 		b = e = hp->hd[HTTP_HDR_URL].b + 7;
diff --git a/bin/varnishtest/tests/b00043.vtc b/bin/varnishtest/tests/b00043.vtc
new file mode 100644
index 0000000..6ff253b
--- /dev/null
+++ b/bin/varnishtest/tests/b00043.vtc
@@ -0,0 +1,23 @@
+varnishtest "Fail request on duplicate Content-Length headers in requests"
+
+server s1 {
+       rxreq
+       txresp
+} -start
+
+varnish v1 -vcl+backend {
+       sub vcl_deliver {
+               if (req.http.foo) {
+                       set resp.http.Foo = req.http.foo;
+               }
+               if (req.http.bar) {
+                       set resp.http.Bar = req.http.bar;
+               }
+       }
+} -start
+
+client c1 {
+       txreq -req POST -hdr "Content-Length: 5" -body "12345"
+       rxresp
+       expect resp.status == 400
+} -run
diff --git a/bin/varnishtest/tests/r00102.vtc b/bin/varnishtest/tests/r00102.vtc
index cf8a1bb..b8b56b3 100644
--- a/bin/varnishtest/tests/r00102.vtc
+++ b/bin/varnishtest/tests/r00102.vtc
@@ -17,14 +17,12 @@ varnish v1 -vcl+backend {
 
 client c1 {
 	txreq -req POST -url "/" \
-		-hdr "Content-Length: 10" \
 		-body "123456789\n"
 	rxresp
 	expect resp.status == 200
 	expect resp.http.X-Varnish == "1001"
 
 	txreq -req POST -url "/" \
-		-hdr "Content-Length: 10" \
 		-body "123456789\n"
 	rxresp
 	expect resp.status == 200

More information about the varnish-commit mailing list