Merge pull request #4646 from coderanger/negative-length

Handle negative content length headers too.

2 files changed, 20 insertions, 0 deletions

diff --git a/lib/chef/http/validate_content_length.rb b/lib/chef/http/validate_content_length.rb
index 33b6d5a549..81d3b0fb74 100644
--- a/lib/chef/http/validate_content_length.rb
+++ b/lib/chef/http/validate_content_length.rb
@@ -91,6 +91,11 @@ class Chef
           return true
         end
 
+        if content_length < 0
+          Chef::Log.debug "HTTP server responded with a negative Content-Length header (#{content_length}), cannot identify truncated downloads."
+          return true
+        end
+
         # if Transfer-Encoding is set the RFC states that we must ignore the Content-Length field
         # CHEF-5041: some proxies uncompress gzip content, leave the incorrect content-length, but set the transfer-encoding field
         unless transfer_encoding.nil?
diff --git a/spec/unit/http/validate_content_length_spec.rb b/spec/unit/http/validate_content_length_spec.rb
index 37bf6c2180..85f8d92f78 100644
--- a/spec/unit/http/validate_content_length_spec.rb
+++ b/spec/unit/http/validate_content_length_spec.rb
@@ -119,6 +119,21 @@ describe Chef::HTTP::ValidateContentLength do
     end
   end
 
+  describe "with negative Content-Length header" do
+    let(:content_length_value) { "-1" }
+
+    %w{direct streaming}.each do |req_type|
+      describe "when running #{req_type} request" do
+        let(:request_type) { req_type.to_sym }
+
+        it "should skip validation and log for debug" do
+          run_content_length_validation
+          expect(debug_output).to include("HTTP server responded with a negative Content-Length header (-1), cannot identify truncated downloads.")
+        end
+      end
+    end
+  end
+
   describe "with correct Content-Length header" do
     %w{direct streaming}.each do |req_type|
       describe "when running #{req_type} request" do