details: https://hg.nginx.org/nginx/rev/690f46d3bc1f branches: changeset: 9244:690f46d3bc1f user: Sergey Kandaurov <pluk...@nginx.com> date: Fri May 03 20:28:32 2024 +0400 description: HTTP/3: fixed handling of malformed request body length.
Previously, a request body larger than declared in Content-Length resulted in a 413 status code, because Content-Length was mistakenly used as the maximum allowed request body, similar to client_max_body_size. Following the HTTP/3 specification, such requests are now rejected with the 400 error as malformed. diffstat: src/http/v3/ngx_http_v3_request.c | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diffs (19 lines): diff -r ff0312de0112 -r 690f46d3bc1f src/http/v3/ngx_http_v3_request.c --- a/src/http/v3/ngx_http_v3_request.c Fri May 03 20:28:22 2024 +0400 +++ b/src/http/v3/ngx_http_v3_request.c Fri May 03 20:28:32 2024 +0400 @@ -1575,6 +1575,15 @@ ngx_http_v3_request_body_filter(ngx_http /* rc == NGX_OK */ if (max != -1 && (uint64_t) (max - rb->received) < st->length) { + + if (r->headers_in.content_length_n != -1) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client intended to send body data " + "larger than declared"); + + return NGX_HTTP_BAD_REQUEST; + } + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "client intended to send too large " "body: %O+%ui bytes", _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
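Review bot: The new 400 branch logs no sizes, while the 413 message directly below it prints `%O+%ui`; a mismatch between the declared Content-Length and the body actually sent is the case where those numbers matter most for triage, particularly when requests are forwarded to a backend that trusts the header. Consider ending the message with `"larger than declared: %O+%ui of %O bytes", rb->received, st->length, r->headers_in.content_length_n);`, assuming the existing message's arguments (cut off by the hunk) are `rb->received` and `st->length`, as the condition suggests. The branch is only correct if `max` was taken from Content-Length whenever the header is present, and that assignment is outside the hunk; a short comment such as `/* max is the declared Content-Length here */` would make the dependency visible. Because the entry is written at NGX_LOG_INFO, it will not appear at the default error_log level, so monitoring for these rejections would have to rely on the 400 status in the access log.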