[core] reject Transfer-Encoding from proxy (#2913)

reject Transfer-Encoding from backend for mod_proxy.
mod_proxy currently sends HTTP/1.0 requests to the backend,
for which Transfer-Encoding: chunked is not a valid response header.
Additionally, there is no value to Transfer-Encoding: chunked from
backend since lighttpd mod_proxy sends HTTP/1.0 request along with
Connection: close, so the backend closing the socket is the end of
the response from the backend.

x-ref:
  "Reverse proxy does not work with sandstorm"
  https://redmine.lighttpd.net/issues/2913

1 files changed, 8 insertions, 1 deletions

diff --git a/src/http-header-glue.c b/src/http-header-glue.c
index b2da3603..fda60330 100644
--- a/src/http-header-glue.c
+++ b/src/http-header-glue.c
@@ -953,7 +953,14 @@ static int http_response_process_headers(server *srv, connection *con, http_resp
             con->response.content_length = strtoul(value, NULL, 10);
             break;
           case HTTP_HEADER_TRANSFER_ENCODING:
-            if (opts->backend == BACKEND_PROXY) continue;
+            if (opts->backend == BACKEND_PROXY) {
+                log_error_write(srv, __FILE__, __LINE__, "s",
+                                "proxy backend sent invalid response header "
+                                "(Transfer-Encoding) to HTTP/1.0 request");
+                con->http_status = 502; /* Bad Gateway */
+                con->mode = DIRECT;
+                return -1;
+            }
             break;
           default:
             break;