From bd8670b4db321727de22d934dee6dc1c2d41f704 Mon Sep 17 00:00:00 2001
From: Emile Fugulin
Date: Mon, 18 Nov 2019 20:49:22 -0500
Subject: [PATCH] Handle duplicate content-length
---
 gunicorn/http/message.py | 2 ++
 tests/requests/invalid/021.http | 5 +++++
 tests/requests/invalid/021.py | 5 +++++
 3 files changed, 12 insertions(+)
 create mode 100644 tests/requests/invalid/021.http
 create mode 100644 tests/requests/invalid/021.py
diff --git a/gunicorn/http/message.py b/gunicorn/http/message.py
index 5807a464..cbfbd11c 100644
--- a/gunicorn/http/message.py
+++ b/gunicorn/http/message.py
@@ -131,6 +131,8 @@ class Message(object):
 content_length = None
 for (name, value) in self.headers:
 if name == "CONTENT-LENGTH":
+ if content_length is not None:
+ raise InvalidHeader("CONTENT-LENGTH", req=self)
 content_length = value
 elif name == "TRANSFER-ENCODING":
 chunked = value.lower() == "chunked"
diff --git a/tests/requests/invalid/021.http b/tests/requests/invalid/021.http
new file mode 100644
index 00000000..90e77dd1
--- /dev/null
+++ b/tests/requests/invalid/021.http
@@ -0,0 +1,5 @@
+GET /stuff/here?foo=bar HTTP/1.1\r\n
+Content-Length: 3\r\n
+Content-Length: 2\r\n
+\r\n
+xyz
diff --git a/tests/requests/invalid/021.py b/tests/requests/invalid/021.py
new file mode 100644
index 00000000..95b0581a
--- /dev/null
+++ b/tests/requests/invalid/021.py
@@ -0,0 +1,5 @@
+from gunicorn.config import Config
+from gunicorn.http.errors import InvalidHeader
+
+cfg = Config()
+request = InvalidHeader
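Review bot: The Transfer-Encoding branch in the same loop still lets the last header win, because `chunked = value.lower() == "chunked"` is reassigned on every occurrence, so a repeated Transfer-Encoding header is resolved silently while a repeated Content-Length is now rejected. Both are framing headers, and a front-end proxy that picks a different occurrence than this loop will disagree with the server about where the request body ends. The new check would also benefit from a why-comment, for example `# A repeated Content-Length makes the body length ambiguous between us and any proxy in front; reject instead of guessing.` How the two headers are reconciled when both are present is decided after the loop, outside this hunk, so that path should be confirmed separately.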
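Review bot: The fixture only covers two Content-Length headers with different values (3 and 2), while the new check in gunicorn/http/message.py also rejects two identical values, and nothing pins that stricter behaviour. A second invalid case with `Content-Length: 3\r\n` repeated would keep a later change from quietly relaxing the check to reject only on mismatch. A single header carrying a list such as `Content-Length: 3, 2\r\n` is a related form that the duplicate check does not see; whether the later length parsing rejects it is not visible here, so a fixture for it would document the expected outcome.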