Fail HTTP/1.0 POST and PUT requests without C-L

It is not allowed by the spec and we incorrectly assumed chunked
and eventually timed out.  OK'd by phk@.
Fixes #1843.

bin/varnishd/http1/cache_http1_proto.c

@@ -288,6 +288,8 @@ http1_body_status(const struct http *hp, struct http_conn *htc)
 	htc->content_length = -1;
 
 	cl = http_GetContentLength(hp);
+	if (cl == -2)
+		return (BS_ERROR);
 	if (http_GetHdr(hp, H_Transfer_Encoding, &b)) {
 		if (strcasecmp(b, "chunked"))
 			return (BS_ERROR);
@@ -300,8 +302,6 @@ http1_body_status(const struct http *hp, struct http_conn *htc)
 		}
 		return (BS_CHUNKED);
 	}
-	if (cl == -2)
-		return (BS_ERROR);
 	if (cl >= 0) {
 		htc->content_length = cl;
 		return (cl == 0 ? BS_NONE : BS_LENGTH);
@@ -381,10 +381,13 @@ HTTP1_DissectRequest(struct http_conn *htc, struct http *hp)
 	p = http_GetMethod(hp);
 	AN(p);
 
-	/* We handle EOF bodies only for PUT and POST */
-	if (htc->body_status == BS_EOF &&
-	    strcasecmp(p, "put") && strcasecmp(p, "post"))
+	if (htc->body_status == BS_EOF) {
+		assert(hp->protover == 10);
+		/* RFC1945 8.3 p32 and D.1.1 p58 */
+		if (!strcasecmp(p, "post") || !strcasecmp(p, "put"))
+			return (400);
 		htc->body_status = BS_NONE;
+	}
 
 	/* HEAD with a body is a hard error */
 	if (htc->body_status != BS_NONE && !strcasecmp(p, "head"))

bin/varnishtest/tests/r01843.vtc

+varnishtest "HTTP/1.0 POST and PUT need a valid Content-Length"
+
+server s1 { } -start
+
+varnish v1 -vcl+backend {} -start
+
+client c1 {
+	txreq -proto HTTP/1.0 -req "POST" -nolen
+	rxresp
+	expect resp.status == 400
+} -run
+
+client c1 {
+	txreq -proto HTTP/1.0 -req "PUT" -nolen
+	rxresp
+	expect resp.status == 400
+} -run