Re: svn commit: r1714751 - /httpd/httpd/trunk/modules/http2/h2_request.c

Tue, 17 Nov 2015 03:21:51 -0800 

On Tue, Nov 17, 2015 at 11:26 AM,  <ic...@apache.org> wrote:
> Author: icing
> Date: Tue Nov 17 10:26:38 2015
> New Revision: 1714751
>
> URL: http://svn.apache.org/viewvc?rev=1714751&view=rev
> Log:
> handling body of chunked requests without content-length and content-type 
> correctly
>
> Modified:
>     httpd/httpd/trunk/modules/http2/h2_request.c
>
> Modified: httpd/httpd/trunk/modules/http2/h2_request.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_request.c?rev=1714751&r1=1714750&r2=1714751&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/http2/h2_request.c (original)
> +++ httpd/httpd/trunk/modules/http2/h2_request.c Tue Nov 17 10:26:38 2015
> @@ -254,18 +254,21 @@ apr_status_t h2_request_end_headers(h2_r
>      else {
>          /* no content-length given */
>          req->content_length = -1;
> -        s = apr_table_get(req->headers, "Content-Type");
> -        if (eos && s) {
> -            req->chunked = 0;
> -            apr_table_setn(req->headers, "Content-Length", "0");
> -        }
> -        else if (s) {
> -            /* We have not seen a content-length, but a content-type.
> -             * must pass any request content in chunked form.
> +        if (!eos) {
> +            /* We have not seen a content-length and have no eos,
> +             * simulate a chunked encoding for our HTTP/1.1 infrastructure,
> +             * in case we have "H2SerializeHeaders on" here
>               */
>              req->chunked = 1;
>              apr_table_mergen(req->headers, "Transfer-Encoding", "chunked");
>          }
> +        else if (apr_table_get(req->headers, "Content-Type")) {
> +            /* If we have a content-type, but already see eos, no more
> +             * data will come. Signal a zero content length explicitly.
> +             */
> +            req->chunked = 0;
> +            apr_table_setn(req->headers, "Content-Length", "0");
> +        }
>      }

Not sure to understand here, are HTTP2 requirements about "Message
Body" different from those in HTTP1 (rfc7230, section 3.3)?
For the latter, Content-Type has no role to play, message bodies are
solely given by either "Content-Length" or "Transfer-Encoding: [...,]
chunked" headers.
Any request (whose method "defines a meaning for an enclosed payload
body") SHOULD contain one of those, otherwise it is considered to have
no body.
IMHO we should be strict about messages boundaries to avoid HTTP
requests/responses smuggling.
Did I miss something?

Reply via email to