netty5/codec-http
Norman Maurer 89c241e3b1
Merge pull request from GHSA-wm47-8v5p-wjpj
Motivation:

As stated by https://tools.ietf.org/html/rfc7540#section-8.1.2.6 we should report a stream error if the content-length does not match the sum of all data frames.

Modifications:

- Verify that the sum of data frames match if a content-length header was send.
- Handle multiple content-length headers and also handle negative values
- Add io.netty.http2.validateContentLength system property which allows to disable the more strict validation
- Add unit tests

Result:

Correctly handle the case when the content-length header was included but not match what is send and also when content-length header is invalid
2021-03-09 08:20:09 +01:00
..
src Merge pull request from GHSA-wm47-8v5p-wjpj 2021-03-09 08:20:09 +01:00
pom.xml [maven-release-plugin] prepare for next development iteration 2021-02-08 10:48:37 +00:00