Mercurial > hg > nginx
changeset 9250:55a5a40dccde
Reordered checks for Content-Length and Transfer-Encoding.
This ensures that r->headers_in.content_length_n is not set when both
Content-Length and Transfer-Encoding headers are present, making it slightly
safer to use complex processing for 400 (Bad Request) errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 27 Apr 2024 18:16:27 +0300 |
parents | afd36b161859 |
children | 3728a0ed243a |
files | src/http/ngx_http_request.c |
diffstat | 1 files changed, 9 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1968,6 +1968,15 @@ ngx_http_process_request_header(ngx_http } if (r->headers_in.content_length) { + if (r->headers_in.transfer_encoding) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent \"Content-Length\" and " + "\"Transfer-Encoding\" headers " + "at the same time"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + r->headers_in.content_length_n = ngx_atoof(r->headers_in.content_length->value.data, r->headers_in.content_length->value.len); @@ -1993,15 +2002,6 @@ ngx_http_process_request_header(ngx_http && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, (u_char *) "chunked", 7) == 0) { - if (r->headers_in.content_length) { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent \"Content-Length\" and " - "\"Transfer-Encoding\" headers " - "at the same time"); - ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); - return NGX_ERROR; - } - r->headers_in.chunked = 1; } else {