From 2e5ceb3934a7bc5422c5a3a18daafa1b1af02090 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <mail@michael-kaufmann.ch>
Date: Sun, 2 Jun 2019 15:16:52 +0200
Subject: http: don't parse body-related headers bodyless responses

Responses with status codes 1xx, 204 or 304 don't have a response body. For
these, don't parse these headers:

- Content-Encoding
- Content-Length
- Content-Range
- Last-Modified
- Transfer-Encoding

This change ensures that HTTP/2 upgrades work even if a
"Content-Length: 0" or a "Transfer-Encoding: chunked" header is present.

Co-authored-by: Daniel Stenberg
Closes #3702
Fixes #3968
Closes #3977
---
 lib/http.c          | 16 ++++++++--------
 lib/urldata.h       |  4 ++--
 tests/data/test1429 |  6 +++---
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/http.c b/lib/http.c
index 1d11c218f..a80e80157 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3769,6 +3769,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
                        "HTTP 1.1 or later with persistent connection\n"));
         }
 
+        k->http_bodyless = k->httpcode >= 100 && k->httpcode < 200;
         switch(k->httpcode) {
         case 304:
           /* (quote from RFC2616, section 10.3.5): The 304 response
@@ -3786,10 +3787,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
            * empty line after the header fields. */
           k->size = 0;
           k->maxdownload = 0;
-          k->ignorecl = TRUE; /* ignore Content-Length headers */
+          k->http_bodyless = TRUE;
           break;
         default:
-          /* nothing */
           break;
         }
       }
@@ -3805,8 +3805,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
       return result;
 
     /* Check for Content-Length: header lines to get size */
-    if(!k->ignorecl && !data->set.ignorecl &&
-       checkprefix("Content-Length:", k->p)) {
+    if(!k->http_bodyless &&
+       !data->set.ignorecl && checkprefix("Content-Length:", k->p)) {
       curl_off_t contentlength;
       CURLofft offt = curlx_strtoofft(k->p + 15, NULL, 10, &contentlength);
 
@@ -3895,7 +3895,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
        */
       streamclose(conn, "Connection: close used");
     }
-    else if(checkprefix("Transfer-Encoding:", k->p)) {
+    else if(!k->http_bodyless && checkprefix("Transfer-Encoding:", k->p)) {
       /* One or more encodings. We check for chunked and/or a compression
          algorithm. */
       /*
@@ -3911,7 +3911,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
       if(result)
         return result;
     }
-    else if(checkprefix("Content-Encoding:", k->p) &&
+    else if(!k->http_bodyless && checkprefix("Content-Encoding:", k->p) &&
             data->set.str[STRING_ENCODING]) {
       /*
        * Process Content-Encoding. Look for the values: identity,
@@ -3924,7 +3924,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
       if(result)
         return result;
     }
-    else if(checkprefix("Content-Range:", k->p)) {
+    else if(!k->http_bodyless && checkprefix("Content-Range:", k->p)) {
       /* Content-Range: bytes [num]-
          Content-Range: bytes: [num]-
          Content-Range: [num]-
@@ -3970,7 +3970,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
       Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
     }
 #endif
-    else if(checkprefix("Last-Modified:", k->p) &&
+    else if(!k->http_bodyless && checkprefix("Last-Modified:", k->p) &&
             (data->set.timecondition || data->set.get_filetime) ) {
       time_t secs = time(NULL);
       k->timeofdoc = curl_getdate(k->p + strlen("Last-Modified:"),
diff --git a/lib/urldata.h b/lib/urldata.h
index af51b6942..42fb82fdd 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -617,8 +617,8 @@ struct SingleRequest {
   bit upload_done:1;  /* set to TRUE when doing chunked transfer-encoding
                          upload and we're uploading the last chunk */
   bit ignorebody:1;   /* we read a response-body but we ignore it! */
-  bit ignorecl:1;     /* This HTTP response has no body so we ignore the
-                         Content-Length: header */
+  bit http_bodyless:1; /* HTTP response status code is between 100 and 199,
+                          204 or 304 */
   bit chunk:1; /* if set, this is a chunked transfer-encoding */
   bit upload_chunky:1; /* set TRUE if we are doing chunked transfer-encoding
                           on upload */
diff --git a/tests/data/test1429 b/tests/data/test1429
index 20b031a1e..b6a66c75f 100644
--- a/tests/data/test1429
+++ b/tests/data/test1429
@@ -9,7 +9,7 @@ HTTP/0.9
 
 <reply>
 <data nocheck="yes">
-HTTP/1.1 1234 OK
+HTTP/1.1 2345 OK
 Date: Thu, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake
 Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
@@ -43,7 +43,7 @@ http://%HOSTIP:%HTTPPORT/1429 --write-out '%{response_code}' --http0.9
 # Verify data after the test has been "shot"
 <verify>
 <stdout nonewline="yes">
-HTTP/1.1 1234 OK
+HTTP/1.1 2345 OK
 Date: Thu, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake
 Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
@@ -55,7 +55,7 @@ Content-Type: text/html
 Funny-head: yesyes
 
 -foo-
-123
+234
 </stdout>
 <strip>
 ^User-Agent:.*
-- 
cgit v1.2.1