From 2a6b54c23020a24eaadfb4006235ca17dfa877f8 Mon Sep 17 00:00:00 2001
From: Valentin Bartenev <vbart@nginx.com>
Date: Mon, 18 Feb 2019 16:51:30 +0300
Subject: [PATCH] Rejecting requests with duplicate "Content-Length".

---
 src/nxt_http_request.c   | 13 ++++++++-----
 test/test_http_header.py |  1 -
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/nxt_http_request.c b/src/nxt_http_request.c
index c8adb499..bbc138a7 100644
--- a/src/nxt_http_request.c
+++ b/src/nxt_http_request.c
@@ -83,13 +83,16 @@ nxt_http_request_content_length(void *ctx, nxt_http_field_t *field,
     nxt_http_request_t  *r;
 
     r = ctx;
-    r->content_length = field;
 
-    n = nxt_off_t_parse(field->value, field->value_length);
+    if (nxt_fast_path(r->content_length == NULL)) {
+        r->content_length = field;
 
-    if (nxt_fast_path(n >= 0)) {
-        r->content_length_n = n;
-        return NXT_OK;
+        n = nxt_off_t_parse(field->value, field->value_length);
+
+        if (nxt_fast_path(n >= 0)) {
+            r->content_length_n = n;
+            return NXT_OK;
+        }
     }
 
     return NXT_ERROR;
diff --git a/test/test_http_header.py b/test/test_http_header.py
index 7894c94e..5a982217 100644
--- a/test/test_http_header.py
+++ b/test/test_http_header.py
@@ -198,7 +198,6 @@ a
             'Host': 'localhost'
         }, body='X' * 1000)['status'], 400, 'Content-Length multiple value')
 
-    @unittest.expectedFailure
     def test_http_header_content_length_multiple_fields(self):
         self.load('empty')