Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7878:bea0f9e5c309
Disabled requests with both Content-Length and Transfer-Encoding.
HTTP clients are not allowed to generate such requests since Transfer-Encoding
introduction in RFC 2068, and they are not expected to appear in practice
except in attempts to perform a request smuggling attack. While handling of
such requests is strictly defined, the most secure approach seems to reject
them.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 28 Jun 2021 18:01:06 +0300 |
| parents | 63c66b7cc07c |
| children | 52338ddf9e2f |
comparison
equal
deleted
inserted
replaced
| 7877:63c66b7cc07c | 7878:bea0f9e5c309 |
|---|---|
| 1983 if (r->headers_in.transfer_encoding) { | 1983 if (r->headers_in.transfer_encoding) { |
| 1984 if (r->headers_in.transfer_encoding->value.len == 7 | 1984 if (r->headers_in.transfer_encoding->value.len == 7 |
| 1985 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, | 1985 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, |
| 1986 (u_char *) "chunked", 7) == 0) | 1986 (u_char *) "chunked", 7) == 0) |
| 1987 { | 1987 { |
| 1988 r->headers_in.content_length = NULL; | 1988 if (r->headers_in.content_length) { |
| 1989 r->headers_in.content_length_n = -1; | 1989 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |
| 1990 "client sent \"Content-Length\" and " | |
| 1991 "\"Transfer-Encoding\" headers " | |
| 1992 "at the same time"); | |
| 1993 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
| 1994 return NGX_ERROR; | |
| 1995 } | |
| 1996 | |
| 1990 r->headers_in.chunked = 1; | 1997 r->headers_in.chunked = 1; |
| 1991 | 1998 |
| 1992 } else { | 1999 } else { |
| 1993 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 2000 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |
| 1994 "client sent unknown \"Transfer-Encoding\": \"%V\"", | 2001 "client sent unknown \"Transfer-Encoding\": \"%V\"", |