CONNECT: reject TE or CL in 2xx responses
authorDaniel Stenberg <daniel@haxx.se>
Tue, 29 Nov 2016 15:22:35 +0000 (16:22 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 1 Dec 2016 15:18:36 +0000 (16:18 +0100)
A server MUST NOT send any Transfer-Encoding or Content-Length header
fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section
4.3.6)

Also fixes the three test cases that did this.

lib/http_proxy.c
tests/data/test1097
tests/data/test1230
tests/data/test1525

index bbe2e8eb16a77edf14266ac6ede49626222dd965..8ed9d08cb81f43b5f41ee9e79f8f41505a6c16d2 100644 (file)
@@ -529,6 +529,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
                       return result;
                   }
                   else if(checkprefix("Content-Length:", line_start)) {
+                    if(k->httpcode/100 == 2) {
+                      /* A server MUST NOT send any Transfer-Encoding or
+                         Content-Length header fields in a 2xx (Successful)
+                         response to CONNECT. (RFC 7231 section 4.3.6) */
+                      failf(data, "Content-Length: in %03d response",
+                            k->httpcode);
+                      return CURLE_RECV_ERROR;
+                    }
+
                     cl = curlx_strtoofft(line_start +
                                          strlen("Content-Length:"), NULL, 10);
                   }
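Review bot: Returning `CURLE_RECV_ERROR` here is stricter than the section the comment cites, because RFC 7231 section 4.3.6 also says a client MUST ignore any Content-Length or Transfer-Encoding field received in a successful response to CONNECT. A proxy that adds `Content-Length: 0` to its 200, as the old test1230 fixture did, now fails tunnel setup outright. The property that matters is that `cl` is never acted on for a 2xx, so tunnel bytes are not consumed as a response body. Skipping the header achieves that too: `if(k->httpcode/100 == 2) infof(data, "Ignoring Content-Length in CONNECT %03d response\n", k->httpcode);` with the existing `cl = curlx_strtoofft(...)` moved under an `else`. If hard rejection is intended as hardening, the comment should say so; the same applies to the Transfer-Encoding check in the next hunk. The body of Curl_proxyCONNECT starts and ends outside this hunk.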
@@ -538,6 +547,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
                   else if(Curl_compareheader(line_start,
                                              "Transfer-Encoding:",
                                              "chunked")) {
+                    if(k->httpcode/100 == 2) {
+                      /* A server MUST NOT send any Transfer-Encoding or
+                         Content-Length header fields in a 2xx (Successful)
+                         response to CONNECT. (RFC 7231 section 4.3.6) */
+                      failf(data, "Transfer-Encoding: in %03d response",
+                            k->httpcode);
+                      return CURLE_RECV_ERROR;
+                    }
                     infof(data, "CONNECT responded chunked\n");
                     chunked_encoding = TRUE;
                     /* init our chunky engine */
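Review bot: The 2xx check only runs inside the branch where `Curl_compareheader(line_start, "Transfer-Encoding:", "chunked")` has already matched, so a 2xx CONNECT response carrying a Transfer-Encoding header with some other coding is not caught. That is narrower than the comment and the failf text, which speak of Transfer-Encoding in general. Assuming no branch outside this hunk handles that header, test the header name before this branch: `else if(k->httpcode/100 == 2 && checkprefix("Transfer-Encoding:", line_start)) { failf(data, "Transfer-Encoding: in %03d response", k->httpcode); return CURLE_RECV_ERROR; }`. The else-if chain this branch belongs to continues outside the hunk.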
index 3b733a55a99add27afeb0b44919f4bff99b623f3..7512a2e7dd73edef0985f86eaace4166065b5d20 100644 (file)
@@ -15,27 +15,25 @@ HTTP proxy NTLM auth
 HTTP/1.1 200 We are fine and cool\r
 Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2\r
 Content-Length: 27\r
-
+\r
 This is all fine and dandy
 </data>
 
+# This is the CONNECT response
 <connect1001>
 HTTP/1.1 200 We are fine and cool\r
 Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2\r
-Content-Length: 27\r
-
-This is all fine and dandy
+\r
 </connect1001>
 
 <datacheck>
 HTTP/1.1 200 We are fine and cool\r
 Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2\r
-Content-Length: 27\r
-
+\r
 HTTP/1.1 200 We are fine and cool\r
 Server: Apache/1.3.27 (Dorw1n) PHP/44.1.2\r
 Content-Length: 27\r
-
+\r
 This is all fine and dandy
 </datacheck>
 </reply>
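Review bot: None of the fixture changes in this commit exercises the new rejection path; this hunk and the test1230 and test1525 hunks only remove the offending headers from CONNECT replies so the existing tests keep passing. The file list shows no added test, so nothing pins the behaviour when a 2xx CONNECT reply does carry `Content-Length:` or `Transfer-Encoding: chunked`. A test whose CONNECT reply section keeps one of those headers on a 200 and expects the transfer to fail with CURLE_RECV_ERROR would guard against the check being dropped or reordered later.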
index 3c1d3d448a33e97ffe149ce43faa1353861646a1..ca2f6c67d690f6e0e2898ae2900e542aa2f560c0 100644 (file)
@@ -23,14 +23,12 @@ mooooooo
 <connect>
 HTTP/1.1 200 welcome dear\r
 Date: Thu, 09 Nov 2010 14:49:00 GMT\r
-Content-Length: 0\r
 \r
 </connect>
 
 <datacheck>
 HTTP/1.1 200 welcome dear\r
 Date: Thu, 09 Nov 2010 14:49:00 GMT\r
-Content-Length: 0\r
 \r
 HTTP/1.1 200 OK\r
 Date: Thu, 09 Nov 2010 14:49:00 GMT\r
index 0560d5c1a85001495c19577175b4f66257949e9e..595da5ea97bef90657dca6fcf6c0a7de09c93547 100644 (file)
@@ -14,7 +14,6 @@ CURLOPT_PROXYHEADER
 <reply>
 <connect>
 HTTP/1.1 200 OK\r
-Content-Length: 17\r
 \r
 </connect>
 <data>
@@ -26,7 +25,6 @@ ETag: "21025-dc7-39462498"
 </data>
 <datacheck>
 HTTP/1.1 200 OK\r
-Content-Length: 17\r
 \r
 HTTP/1.1 200 OK swsclose
 Date: Thu, 09 Nov 2010 14:49:00 GMT