[squid-dev] [PATCH] Reject responses with conflicting Content-Length

Alex Rousskov rousskov at measurement-factory.com
Fri Aug 7 20:54:23 UTC 2015


Hello,

    Squid trusts and forwards the largest Content-Length header. This
behavior violates an RFC 7230 MUST in Section 3.3.3 item #4. It also
confuses some ICAP services and probably some HTTP clients. With the
proposed changes, Squid refuses to forward the message to the ICAP
service and HTTP client, responding with an HTTP 502 error instead.

This is a quick-and-dirty implementation. A polished version should
reject responses with invalid Content-Length values as well (per RFC
7230 MUST), should return 502 even with a strict parser (this is not a
header parsing issue), and should probably not warn the admin when all
values actually match.

I am not volunteering to provide a more polished version at this time,
but the proposed changes solve a known problem and are a step in the
right direction towards better Content-Length processing.


HTH,

Alex.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-98-reject-multi-cont-len-resp-t4.patch
Type: text/x-diff
Size: 17073 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20150807/a7109e87/attachment.patch>


More information about the squid-dev mailing list