[asterisk-commits] dlee: branch dlee/ASTERISK-22486-reject-transfer-encoding r404552 - /team/dle...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Dec 23 17:05:25 CST 2013 

Author: dlee
Date: Mon Dec 23 17:05:23 2013
New Revision: 404552

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=404552
Log:
http: Properly reject requests with Transfer-Encoding set

Modified:
    team/dlee/ASTERISK-22486-reject-transfer-encoding/main/http.c

Modified: team/dlee/ASTERISK-22486-reject-transfer-encoding/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/dlee/ASTERISK-22486-reject-transfer-encoding/main/http.c?view=diff&rev=404552&r1=404551&r2=404552
==============================================================================
--- team/dlee/ASTERISK-22486-reject-transfer-encoding/main/http.c (original)
+++ team/dlee/ASTERISK-22486-reject-transfer-encoding/main/http.c Mon Dec 23 17:05:23 2013
@@ -648,6 +648,20 @@
 	return 0;
 }
 
+static const char *get_transfer_encoding(struct ast_variable *headers)
+{
+	struct ast_variable *v;
+
+	for (v = headers; v; v = v->next) {
+		if (!strcasecmp(v->name, "Transfer-Encoding")) {
+			return v->value;
+		}
+	}
+
+	/* Missing content length; assume zero */
+	return 0;
+}
+
 struct ast_json *ast_http_get_json(
 	struct ast_tcptls_session_instance *ser, struct ast_variable *headers)
 {
@@ -1068,6 +1082,7 @@
 	struct ast_variable *tail = headers;
 	char *uri, *method;
 	enum ast_http_method http_method = AST_HTTP_UNKNOWN;
+	const char *transfer_encoding;
 
 	if (ast_atomic_fetchadd_int(&session_count, +1) >= session_limit) {
 		goto done;
@@ -1138,6 +1153,22 @@
 			tail->next = ast_variable_new(name, value, __FILE__);
 			tail = tail->next;
 		}
+	}
+
+	transfer_encoding = get_transfer_encoding(headers);
+	/* Transfer encoding defaults to identity */
+	if (!transfer_encoding) {
+		transfer_encoding = "identity";
+	}
+
+	/*
+	 * RFC 2616, section 3.6, we should respond with a 501 for any transfer-
+	 * codings we don't understand.
+	 */
+	if (strcasecmp(transfer_encoding, "identity") != 0) {
+		/* Transfer encodings not supported */
+		ast_http_error(ser, 501, "Unimplemented", "Unsupported Transfer-Encoding.");
+		goto done;
 	}
 
 	if (!*uri) {

More information about the asterisk-commits mailing list