From b4d6b70d7f2e8207df02ab354da907475dcab8a5 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Thu, 20 Feb 2020 16:19:34 +0300
Subject: [PATCH] Removed "Transfer-Encoding: identity" support.

The "identity" transfer coding has been removed in RFC 7230.  It is
believed that it is not used in real life, and at the same time it
provides a potential attack vector.
---
 src/http/ngx_http_request.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 85c980378..9e64fd293 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1952,10 +1952,7 @@ ngx_http_process_request_header(ngx_http_request_t *r)
             r->headers_in.content_length_n = -1;
             r->headers_in.chunked = 1;
 
-        } else if (r->headers_in.transfer_encoding->value.len != 8
-            || ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
-                               (u_char *) "identity", 8) != 0)
-        {
+        } else {
             ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                           "client sent unknown \"Transfer-Encoding\": \"%V\"",
                           &r->headers_in.transfer_encoding->value);