nginx: src/http/ngx_http_upstream.c comparison

comparison src/http/ngx_http_upstream.c @ 7679:05e42236e95b

FastCGI: protection from responses with wrong length. Previous behaviour was to pass everything to the client, but this seems to be suboptimal and causes issues (ticket #1695). Fix is to drop extra data instead, as it naturally happens in most clients. Additionally, we now also issue a warning if the response is too short, and make sure the fact it is truncated is propagated to the client. The u->error flag is introduced to make it possible to propagate the error to the client in case of unbuffered proxying. For responses to HEAD requests there is an exception: we do allow both responses without body and responses with body matching the Content-Length header.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 06 Jul 2020 18:36:23 +0300
parents	bffcc5af1d72
children	7015f26aef90 a748095bf94e

comparison

equal deleted inserted replaced

-:bffcc5af1d72
+:05e42236e95b
 return NGX_ERROR;
 }
 u->keepalive = 0;
 u->upgrade = 0;
+u->error = 0;
 ngx_memzero(&u->headers_in, sizeof(ngx_http_upstream_headers_in_t));
 u->headers_in.content_length_n = -1;
 u->headers_in.last_modified_time = -1;
 ngx_http_upstream_finalize_request(r, u,
 NGX_HTTP_BAD_GATEWAY);
 return;
 }
-if (upstream->read->error) {
+if (upstream->read->error || u->error) {
 ngx_http_upstream_finalize_request(r, u,
 NGX_HTTP_BAD_GATEWAY);
 return;
 }

Mercurial > hg > nginx

comparison src/http/ngx_http_upstream.c @ 7679:05e42236e95b