From a1dfdd2d858c08745e8457d18a76789a147e34a8 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Wed, 21 Dec 2022 11:34:03 +0000
Subject: httpd: drop connection if 404 on POST bodies

Persistent connections and undrained input don't mix; so the
simplest thing is to drop the persistent connection when we
short-circuit out on /$PID/ prefix mismatches.

In retrospect, it's probably not worth supporting persistent
connections at all for a AF_UNIX-only server...
---
 httpd.h   | 1 +
 t/httpd.t | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/httpd.h b/httpd.h
index eddea97..a59c9dd 100644
--- a/httpd.h
+++ b/httpd.h
@@ -310,6 +310,7 @@ static enum mw_qev h1_404(struct mw_h1 *h1)
 	static const char r404[] = "HTTP/1.1 404 Not Found\r\n"
 		"Content-Type: text/html\r\n"
 		"Content-Length: 10\r\n\r\n" "Not Found\n";
+	if (h1->has_input) h1->persist = 0;
 	return h1_res_oneshot(h1, r404, sizeof(r404) - 1);
 }
 
diff --git a/t/httpd.t b/t/httpd.t
index 3fe9c1f..53cf420 100644
--- a/t/httpd.t
+++ b/t/httpd.t
@@ -161,6 +161,10 @@ SKIP: {
 		'-HX-Mwrap-BT-Depth:10', '-XPOST', "http://0/$pid/ctl");
 	is($rc, 0, 'curl /ctl (X-Mwrap-BT-Depth)');
 	like(slurp($cout), qr/\bMWRAP=bt:10\b/, 'changed bt depth');
+
+	$rc = system(qw(curl -vsSf --unix-socket), $sock, '-o', $cout,
+		'-HX-Mwrap-BT-Depth:10', '-d', 'blah', "http://0/ctl");
+	is($rc >> 8, 22, '404 w/o PID prefix');
 };
 
 
-- 
cgit v1.2.3-24-ge0c7