http/h1_stream: handle EOF when `body_read_type==length`

daurnimator / lua-http

HTTP Library for Lua. Supports HTTP(S) 1.0, 1.1 and 2.0; client and server.

https://daurnimator.github.io/lua-http/

MIT License

778 stars 80 forks source link

http/h1_stream: handle EOF when `body_read_type==length` #213

Closed daurnimator closed 10 months ago

daurnimator commented 10 months ago

If a client closes the connection before sending the expected number of bytes then return EPIPE. This fixes a potential infinite draining loop when trying to trying to :shutdown() a stream.

bigben93 commented 10 months ago

I tested it and it works.

jirutka commented 8 months ago

For the record, this fixes vulnerability CVE-2023-4540.