Mercurial > hg > nginx-quic
changeset 8319:ffcaf0aad9f2 quic
HTTP/3: limited client header size.
The limit is the size of all large client header buffers. Client header size
is the total size of all client header names and values.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 17 Feb 2021 11:58:32 +0300 |
parents | 3057bae4dba7 |
children | 98bacfc65c61 |
files | src/http/v3/ngx_http_v3.h src/http/v3/ngx_http_v3_request.c |
diffstat | 2 files changed, 16 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/v3/ngx_http_v3.h +++ b/src/http/v3/ngx_http_v3.h @@ -99,6 +99,7 @@ typedef struct { struct ngx_http_v3_parse_s { + size_t header_limit; ngx_http_v3_parse_headers_t headers; ngx_http_v3_parse_data_t body; };
--- a/src/http/v3/ngx_http_v3_request.c +++ b/src/http/v3/ngx_http_v3_request.c @@ -118,6 +118,9 @@ ngx_http_v3_init(ngx_connection_t *c) return; } + r->v3_parse->header_limit = cscf->large_client_header_buffers.size + * cscf->large_client_header_buffers.num; + c->data = r; rev = c->read; @@ -261,11 +264,23 @@ static ngx_int_t ngx_http_v3_process_header(ngx_http_request_t *r, ngx_str_t *name, ngx_str_t *value) { + size_t len; ngx_table_elt_t *h; ngx_http_header_t *hh; ngx_http_core_srv_conf_t *cscf; ngx_http_core_main_conf_t *cmcf; + len = name->len + value->len; + + if (len > r->v3_parse->header_limit) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent too large header"); + ngx_http_finalize_request(r, NGX_HTTP_REQUEST_HEADER_TOO_LARGE); + return NGX_ERROR; + } + + r->v3_parse->header_limit -= len; + if (ngx_http_v3_validate_header(r, name, value) != NGX_OK) { ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); return NGX_ERROR;