relayd: reject duplicate Content-Length headers with 400
Only Host was marked unique, so a request with two Content-Length
fields was framed on the last value but forwarded with both, allowing
a backend to desync and smuggle a request past the filter rules. Mark
Content-Length unique so the second occurrence is rejected in kv_add().
OK kirill@
Synchronize styling, comments, and log messages so that httpd, and relayd's
proc.c are mostly in sync. While here fix a conditional in httpd's
proc_kill that never found its way over from the other proc.c
implementations.
OK rsadowski@
Increase peer->errcnt when sending out notifications
For every error (local or remote) the errcnt needs to be increased so that
the system so that the fast reconnect logic in session_accept is properly
skipped. Without this peers triggering constant notifications are not
slowed down by the IdleHoldTimer.
OK tb@
make authorized_keys "restrict" keyword apply correctly to tunnel
forwarding (which is administratively disabled by default).
Reported by Erichen, Institute of Computing Technology,
Chinese Academy of Sciences