On Fri, Sep 02, 2022 at 10:23:30AM +0200, YASUOKA Masahiko wrote: > Hello, > > For HTTP request body, if neither "Content-Encoding: chunked" nor > "Content-Length" is specified, it should mean body length is 0. > > In RFC 9112 Section 6.3, 7.: > | 7. If this is a request message and none of the above are true, then > | the message body length is zero (no message body is present). > > The behavior can be tested by requesting POST to a cgi, like this: > > $ curl -X POST http://127.0.0.1/cgi-bin/test > (Ctrl-C is needed without the diff) > > ok? > > # first round https://marc.info/?l=openbsd-tech&m=158173705129829&w=2 > > Index: usr.sbin/httpd/server_http.c > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > retrieving revision 1.151 > diff -u -p -r1.151 server_http.c > --- usr.sbin/httpd/server_http.c 15 Aug 2022 09:36:19 -0000 1.151 > +++ usr.sbin/httpd/server_http.c 1 Sep 2022 20:36:10 -0000 > @@ -474,12 +474,9 @@ server_read_http(struct bufferevent *bev > /* HTTP request payload */ > if (clt->clt_toread > 0) > bev->readcb = server_read_httpcontent; > - > - /* Single-pass HTTP body */ > - if (clt->clt_toread < 0) { > - clt->clt_toread = TOREAD_UNLIMITED; > - bev->readcb = server_read; > - } > + if (clt->clt_toread < 0 && !desc->http_chunked) > + /* 7. of RFC 9112 Section 6.3 */ > + clt->clt_toread = 0; > break; > default: > server_abort_http(clt, 405, "method not allowed"); >
I agree that this is indeed the required behaviour. OK claudio@ -- :wq Claudio