Return 400 response for chunked requests with unexpected data after chunk

Fixes #133

Author: jeremyevans

lib/webrick/httprequest.rb

@@ -566,7 +566,11 @@ def read_chunked(socket, block)
           block.call(data)
         end while (chunk_size -= sz) > 0
 
-        read_line(socket)                    # skip CRLF
+        line = read_line(socket)              # skip CRLF
+        unless line == "\r\n"
+          raise HTTPStatus::BadRequest, "extra data after chunk `#{line}'."
+        end
+
         chunk_size, = read_chunk_size(socket)
       end
       read_header(socket)                    # trailer + CRLF

test/webrick/test_httprequest.rb

@@ -312,6 +312,30 @@ def test_bad_chunked
     end
   end
 
+  def test_bad_chunked_extra_data
+    msg = <<-_end_of_message_
+      POST /path HTTP/1.1\r
+      Transfer-Encoding: chunked\r
+      \r
+      3\r
+      ABCthis-all-gets-ignored\r
+      0\r
+      \r
+    _end_of_message_
+    msg.gsub!(/^ {6}/, "")
+    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+    req.parse(StringIO.new(msg))
+    assert_raise(WEBrick::HTTPStatus::BadRequest){ req.body }
+
+    # chunked req.body_reader
+    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+    req.parse(StringIO.new(msg))
+    dst = StringIO.new
+    assert_raise(WEBrick::HTTPStatus::BadRequest) do
+      IO.copy_stream(req.body_reader, dst)
+    end
+  end
+
   def test_null_byte_in_header
     msg = <<-_end_of_message_
       POST /path HTTP/1.1\r