Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
haproxy.13495
haproxy-CVE-2019-18277.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File haproxy-CVE-2019-18277.diff of Package haproxy.13495
diff --git a/src/proto_http.c.orig b/src/proto_http.c index 5db64b5..5a5fc95 100644 --- a/src/proto_http.c.orig +++ b/src/proto_http.c @@ -2992,6 +2992,10 @@ int http_wait_for_request(struct session *s, struct channel *req, int an_bit) } } + /* "chunked" mandatory if transfer-encoding is used */ + if (ctx.idx && !(msg->flags & HTTP_MSGF_TE_CHNK)) + goto return_bad_req; + /* Chunked requests must have their content-length removed */ ctx.idx = 0; if (msg->flags & HTTP_MSGF_TE_CHNK) { @@ -6096,6 +6100,12 @@ int http_wait_for_response(struct session *s, struct channel *rep, int an_bit) } } + /* "chunked" mandatory if transfer-encoding is used */ + if (ctx.idx && !(msg->flags & HTTP_MSGF_TE_CHNK)) { + use_close_only = 1; + msg->flags &= ~(HTTP_MSGF_TE_CHNK | HTTP_MSGF_XFER_LEN); + } + /* Chunked responses must have their content-length removed */ ctx.idx = 0; if (use_close_only || (msg->flags & HTTP_MSGF_TE_CHNK)) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor