Hi,
When httpd received the following request,
POST /cgi-bin/test.cgi HTTP/1.0
Host: 127.0.0.1
Content-Type: application/json
Content-Length: 0
if the request is handled by fastcgi, STDIN is closed immediately.
But the problem is that STDIN is never closed if the request doesn't
have "Content-Length" header like the following. read(STDIN) doesn't
return forever.
POST /cgi-bin/test.cgi HTTP/1.0
Host: 127.0.0.1
Content-Type: application/json
In RFC7230 Section 3.3.3
| 6. If this is a request message and none of the above are true, then
| the message body length is zero (no message body is present).
it mentions the body length is zero if both Content-Length and
Content-Transfer-Encoding is not specified.
The diff is to fix the problm.
ok?
Treat the message body length as 0 byte if Content-Length is not
specified and chunked transfer is not used.
Index: usr.sbin/httpd/server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.136
diff -u -p -r1.136 server_http.c
--- usr.sbin/httpd/server_http.c 14 Jan 2020 20:48:57 -0000 1.136
+++ usr.sbin/httpd/server_http.c 4 Feb 2020 06:30:14 -0000
@@ -421,12 +421,12 @@ server_read_http(struct bufferevent *bev
/* HTTP request payload */
if (clt->clt_toread > 0)
bev->readcb = server_read_httpcontent;
-
- /* Single-pass HTTP body */
- if (clt->clt_toread < 0) {
- clt->clt_toread = TOREAD_UNLIMITED;
- bev->readcb = server_read;
- }
+ else if (!desc->http_chunked)
+ /*
+ * When no content-length and no chunked
+ * transfer, it means body length is zero.
+ */
+ clt->clt_toread = 0;
break;
default:
server_abort_http(clt, 405, "method not allowed");
