From fc70ce08f5818a286fb5899a1bc3aff5965a745e Mon Sep 17 00:00:00 2001
From: Fedor Indutny <fedor@indutny.com>
Date: Wed, 18 Nov 2020 20:50:21 -0800
Subject: [PATCH] http: unset `F_CHUNKED` on new `Transfer-Encoding`

Duplicate `Transfer-Encoding` header should be a treated as a single,
but with original header values concatenated with a comma separator. In
the light of this, even if the past `Transfer-Encoding` ended with
`chunked`, we should be not let the `F_CHUNKED` to leak into the next
header, because mere presence of another header indicates that `chunked`
is not the last transfer-encoding token.

CVE-ID: CVE-2020-8287
PR-URL: https://github.com/nodejs-private/node-private/pull/235
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
---
 http_parser.c |  7 +++++++
 test.c        | 26 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/http_parser.c b/http_parser.c
index 9be003e7322..e9b2b9e83b9 100644
--- a/http_parser.c
+++ b/http_parser.c
@@ -1344,6 +1344,13 @@ size_t http</td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>refs</a><a class='active' href='/guix/log/gnu/packages/patches/guile-rsvg-pkgconfig.patch'>log</a><a href='/guix/tree/gnu/packages/patches/guile-rsvg-pkgconfig.patch?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>tree</a><a href='/guix/commit/gnu/packages/patches/guile-rsvg-pkgconfig.patch?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>commit</a><a href='/guix/diff/gnu/packages/patches/guile-rsvg-pkgconfig.patch?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/patches/guile-rsvg-pkgconfig.patch'>
<input type='hidden' name='id' value='42231bc15df441d6426dec57283aca9ae7a03fcf'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>root</a>/<a href='/guix/log/gnu?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>gnu</a>/<a href='/guix/log/gnu/packages?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>packages</a>/<a href='/guix/log/gnu/packages/patches?id=42231bc15df441d6426dec57283aca9ae7a03fcf'>patches</a>/<a href='/guix/log/gnu/packages/patches/guile-rsvg-pkgconfig.patch?id=42231bc15df4