Mercurial > hg > nginx
comparison src/http/ngx_http.h @ 9240:f3df785649ae
Request body: limited chunk extensions and trailer headers.
Previously, arbitrary amounts of chunk extensions and trailer headers were
accepted and skipped. Despite being under limit_conn / limit_req limits
(if configured), this can be a DoS vector, so it is now limited by the
client_max_body_size limit.
Reported by Bartek Nowotarski.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sat, 30 Mar 2024 05:09:35 +0300 |
| parents | 8d0753760546 |
| children |
comparison
equal
deleted
inserted
replaced
| 9239:b2e16e8639c8 | 9240:f3df785649ae |
|---|---|
| 63 | 63 |
| 64 struct ngx_http_chunked_s { | 64 struct ngx_http_chunked_s { |
| 65 ngx_uint_t state; | 65 ngx_uint_t state; |
| 66 off_t size; | 66 off_t size; |
| 67 off_t length; | 67 off_t length; |
| 68 off_t skipped; | |
| 68 }; | 69 }; |
| 69 | 70 |
| 70 | 71 |
| 71 typedef struct { | 72 typedef struct { |
| 72 ngx_uint_t http_version; | 73 ngx_uint_t http_version; |