fix(l7): reject requests with both CL and TE headers in inference parser (CWE-444)

latenighthackathon · latenighthackathon · commit ac14c2e66739 · 2026-03-30T00:02:09.000-05:00
The CL/TE desynchronisation guard added in NVIDIA#663 for the REST path was not applied to the inference request parser. A request containing both Content-Length and Transfer-Encoding headers could be interpreted differently by the proxy and the upstream server, enabling HTTP request smuggling (CWE-444, RFC 7230 Section 3.3.3). Add the same rejection check and two tests mirroring the REST parser coverage. Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
diff --git a/crates/openshell-sandbox/src/l7/inference.rs b/crates/openshell-sandbox/src/l7/inference.rs
@@ -164,6 +164,13 @@ pub fn try_parse_http_request(buf: &[u8]) -> ParseResult {
         }
     }
 
+    if is_chunked && has_content_length {
+        return ParseResult::Invalid(
+            "request contains both Transfer-Encoding and Content-Length headers"
+                .to_string(),
+        );
+    }
+
     let (body, consumed) = if is_chunked {
         let Some((decoded_body, consumed)) = parse_chunked_body(buf, body_start) else {
             return ParseResult::Incomplete;
@@ -608,4 +615,37 @@ mod tests {
             ParseResult::Invalid(_)
         ));
     }
+
+    // ---- SEC-009: CL/TE desynchronisation ----
+
+    /// Reject requests with both Content-Length and Transfer-Encoding to
+    /// prevent CL/TE request smuggling (RFC 7230 Section 3.3.3).
+    #[test]
+    fn reject_dual_content_length_and_transfer_encoding() {
+        let request = b"POST /v1/chat/completions HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n";
+        assert!(
+            matches!(
+                try_parse_http_request(request),
+                ParseResult::Invalid(reason)
+                    if reason.contains("Transfer-Encoding")
+                        && reason.contains("Content-Length")
+            ),
+            "Must reject request with both CL and TE"
+        );
+    }
+
+    /// Same rejection regardless of header order.
+    #[test]
+    fn reject_dual_transfer_encoding_and_content_length() {
+        let request = b"POST /v1/chat/completions HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n";
+        assert!(
+            matches!(
+                try_parse_http_request(request),
+                ParseResult::Invalid(reason)
+                    if reason.contains("Transfer-Encoding")
+                        && reason.contains("Content-Length")
+            ),
+            "Must reject request with both TE and CL"
+        );
+    }
 }
