nginx: src/http/ngx_http_spdy.c comparison

comparison src/http/ngx_http_spdy.c @ 5628:a24f88eff684

SPDY: detect premature closing of stream. The SPDY/3.1 specification requires that the server must respond with a 400 "Bad request" error if the sum of the data frame payload lengths does not equal the size of the Content-Length header. This also fixes "zero size buf in output" alert, that might be triggered if client sends a greater than zero Content-Length header and closes stream using the FIN flag with an empty request body.

author	Valentin Bartenev <vbart@nginx.com>
date	Fri, 28 Mar 2014 20:22:57 +0400
parents	d74889fbf06d
children	0aeb6f63d242

comparison

equal deleted inserted replaced

-:d74889fbf06d
+:a24f88eff684
 if (sc->flags & NGX_SPDY_FLAG_FIN) {
 stream->in_closed = 1;
+if (r->headers_in.content_length_n < 0) {
+r->headers_in.content_length_n = rb->rest;
+} else if (r->headers_in.content_length_n != rb->rest) {
+ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+"client prematurely closed stream: "
+"%O of %O bytes of request body received",
+rb->rest, r->headers_in.content_length_n);
+stream->skip_data = NGX_SPDY_DATA_ERROR;
+goto error;
+}
 if (tf) {
 ngx_memzero(buf, sizeof(ngx_buf_t));
 buf->in_file = 1;
 buf->file_last = tf->file.offset;
 buf->file = &tf->file;
 rb->buf = NULL;
-}
-if (r->headers_in.content_length_n < 0) {
-r->headers_in.content_length_n = rb->rest;
 }
 if (rb->post_handler) {
 r->read_event_handler = ngx_http_block_reading;
 rb->post_handler(r);

Mercurial > hg > nginx

comparison src/http/ngx_http_spdy.c @ 5628:a24f88eff684