[squid-dev] [PATCH] Reject responses with conflicting Content-Length

Amos Jeffries squid3 at treenet.co.nz
Sat Aug 8 04:48:03 UTC 2015


On 8/08/2015 8:54 a.m., Alex Rousskov wrote:
> Hello,
> 
>     Squid trusts and forwards the largest Content-Length header. This
> behavior violates an RFC 7230 MUST in Section 3.3.3 item #4. It also
> confuses some ICAP services and probably some HTTP clients. With the
> proposed changes, Squid refuses to forward the message to the ICAP
> service and HTTP client, responding with an HTTP 502 error instead.
> 
> This is a quick-and-dirty implementation. A polished version should
> reject responses with invalid Content-Length values as well (per RFC
> 7230 MUST), should return 502 even with a strict parser (this is not a
> header parsing issue), and should probably not warn the admin when all
> values actually match.

That is already taken care of by warnOnError as debugs() level for the
recoverable issues. The admin who explicitly configures that they want
the warnings will see the duplicate header notice. Otherwise not.

> 
> I am not volunteering to provide a more polished version at this time,
> but the proposed changes solve a known problem and are a step in the
> right direction towards better Content-Length processing.
> 

Please do either XXX or implement the clause about 502 on invalid
Content-Length header. The unable to parse cases when comparing l1 and
l2 at chunk @548.


+1 as a temporary workaround. Looks like it catches some important cases
correctly.

IMO the polish can happen when the header parsing is refactored. No need
for a special followup to this.

Amos
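
Added example, not part of this thread or of Squid's code: one way to apply the RFC 7230 Section 3.3.3 item 4 rule discussed above to the Content-Length values of a single response, accepting exact duplicates while treating both differing and unparsable values as grounds for a 502. All names (`ClVerdict`, `parseLength`, `checkContentLength`, `proxyStatusFor`) are hypothetical, and the code assumes no Transfer-Encoding header is present.

```cpp
// Added illustration, not Squid code; all names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

enum class ClVerdict { Absent, Ok, Invalid, Conflict };

// Parse one Content-Length field-value: 1*DIGIT with optional surrounding
// whitespace. Signs, empty values, embedded junk and overflow are invalid.
static bool parseLength(const std::string &v, uint64_t &out) {
    const std::size_t b = v.find_first_not_of(" \t");
    if (b == std::string::npos) return false;            // empty or blank
    const std::size_t e = v.find_last_not_of(" \t");
    uint64_t n = 0;
    for (std::size_t i = b; i <= e; ++i) {
        if (v[i] < '0' || v[i] > '9') return false;      // "-1", "4 2", "42x"
        const uint64_t d = static_cast<uint64_t>(v[i] - '0');
        if (n > (UINT64_MAX - d) / 10) return false;     // would overflow
        n = n * 10 + d;
    }
    out = n;
    return true;
}

// values: the field-value of every Content-Length header in one response.
// len is meaningful only when the verdict is Ok.
ClVerdict checkContentLength(const std::vector<std::string> &values, uint64_t &len) {
    if (values.empty()) return ClVerdict::Absent;
    bool haveFirst = false;
    for (const auto &v : values) {
        uint64_t n = 0;
        if (!parseLength(v, n)) return ClVerdict::Invalid;
        if (haveFirst && n != len) return ClVerdict::Conflict;
        len = n;
        haveFirst = true;
    }
    return ClVerdict::Ok;
}

// Status the proxy sends to the client: 502 when the framing cannot be
// trusted, 0 meaning "forward the response unchanged".
int proxyStatusFor(ClVerdict v) {
    return (v == ClVerdict::Invalid || v == ClVerdict::Conflict) ? 502 : 0;
}
```
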
