# HG changeset patch # User Piotr Sikora <[email protected]> # Date 1490516709 25200 # Sun Mar 26 01:25:09 2017 -0700 # Node ID 6263d68cb96042d8f8974a4a3945226227ce13b9 # Parent 349648a6f91f9bd5cc80d22390b95c2239a8bfb3 HTTP/2: reject HTTP/2 requests with "Transfer-Encoding" header.
Signed-off-by: Piotr Sikora <[email protected]> diff -r 349648a6f91f -r 6263d68cb960 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -29,6 +29,8 @@ static ngx_int_t ngx_http_process_connec ngx_table_elt_t *h, ngx_uint_t offset); static ngx_int_t ngx_http_process_te(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset); +static ngx_int_t ngx_http_process_transfer_encoding(ngx_http_request_t *r, + ngx_table_elt_t *h, ngx_uint_t offset); static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset); @@ -136,7 +138,7 @@ ngx_http_header_t ngx_http_headers_in[] { ngx_string("Transfer-Encoding"), offsetof(ngx_http_headers_in_t, transfer_encoding), - ngx_http_process_header_line }, + ngx_http_process_transfer_encoding }, { ngx_string("Expect"), offsetof(ngx_http_headers_in_t, expect), @@ -1743,6 +1745,49 @@ ngx_http_process_te(ngx_http_request_t * static ngx_int_t +ngx_http_process_transfer_encoding(ngx_http_request_t *r, ngx_table_elt_t *h, + ngx_uint_t offset) +{ + if (r->headers_in.transfer_encoding == NULL) { + r->headers_in.transfer_encoding = h; + } + +#if (NGX_HTTP_V2) + + if (r->stream) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent HTTP/2 request with \"Transfer-Encoding\" " + "header"); + + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + +#endif + + if (h->value.len == 7 + && ngx_strncasecmp(h->value.data, (u_char *) "chunked", 7) == 0) + { + r->headers_in.chunked = 1; + return NGX_OK; + } + + if (h->value.len != 8 + || ngx_strncasecmp(h->value.data, (u_char *) "identity", 8) != 0) + { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent unknown \"Transfer-Encoding: %V\" header", + &h->value); + + ngx_http_finalize_request(r, NGX_HTTP_NOT_IMPLEMENTED); + return NGX_ERROR; + } + + return NGX_OK; +} + + +static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) { @@ -1881,25 +1926,9 @@ ngx_http_process_request_header(ngx_http return NGX_ERROR; } - if (r->headers_in.transfer_encoding) { - if (r->headers_in.transfer_encoding->value.len == 7 - && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, - (u_char *) "chunked", 7) == 0) - { - r->headers_in.content_length = NULL; - r->headers_in.content_length_n = -1; - r->headers_in.chunked = 1; - - } else if (r->headers_in.transfer_encoding->value.len != 8 - || ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, - (u_char *) "identity", 8) != 0) - { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent unknown \"Transfer-Encoding\": \"%V\"", - &r->headers_in.transfer_encoding->value); - ngx_http_finalize_request(r, NGX_HTTP_NOT_IMPLEMENTED); - return NGX_ERROR; - } + if (r->headers_in.chunked) { + r->headers_in.content_length = NULL; + r->headers_in.content_length_n = -1; } if (r->headers_in.connection_type == NGX_HTTP_CONNECTION_KEEP_ALIVE) { _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
