Improper handling of messages with both `Transfer-Encoding` and `Content-Length` headers

[kenballus]

When uhttpd receives a request with both a Transfer-Encoding: chunked and a Content-Length header, it prioritizes the Content-Length header. This is disallowed by RFC 9112, section 6.1:

A server MAY reject a request that contains both Content-Length and Transfer-Encoding or process such a request in accordance with the Transfer-Encoding alone. Regardless, the server MUST close the connection after responding to such a request to avoid the potential attacks.

I suggest that uhttpd respond 400 and close the connection in response to requests containing both headers. These requests are very uncommon and indicate a likely attempted request smuggling attack.

[vincejv]

Referencing the list of issues caused by this bug

• luci-app-banip: Feed selection is broken in the latest SNAPSHOT luci#7432
• luci-app-banip: Support for HTTP 1.1 luci#7697
• Even if Content-Length exists, luci will add Transfer-Encoding to the response header luci#7655

[jow-]

These bugs are unrelated to this one. This issue is about parsing HTTP requests with message body and conflicting Content-Length, Transfer-Encoding headers.

The linked issues are related to handling CGI process replies with Content-Lebgth header set