berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

disallow HTTP/1.0 requests without a CL header

This commit is contained in:
Rob Ede 2022-06-27 04:18:34 +01:00
parent c2edf42099
commit e292a2b519
No known key found for this signature in database
GPG Key ID: 97C636207D3EF933
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
actix-http/src/h1/decoder.rs
View File

@ -185,6 +185,13 @@ pub(crate) trait MessageType: Sized {
content_length = None; content_length = None;
} }
// disallow HTTP/1.0 request that do not contain a Content-Length headers
// see https://datatracker.ietf.org/doc/html/rfc1945#section-7.2.2
if version == Version::HTTP_10 && content_length.is_none() {
debug!("no Content-Length specified for HTTP/1.0 request");
return Err(ParseError::Header);
}
// https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3 // https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3
if chunked { if chunked {
// Chunked encoding // Chunked encoding