diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2024-05-03 20:28:32 +0400 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2024-05-03 20:28:32 +0400 |
| commit | a7e3cd52e0a03286267177aa9b88d64232fbaeaf (patch) | |
| tree | 15d76e17c44acdb16c99c01ee45b13cc42780e1e /src | |
| parent | 3f0fe15a98c2f849cf1f3f86a60b547e12273f4c (diff) | |
| download | nginx-a7e3cd52e0a03286267177aa9b88d64232fbaeaf.tar.gz nginx-a7e3cd52e0a03286267177aa9b88d64232fbaeaf.zip | |
HTTP/3: fixed handling of malformed request body length.
Previously, a request body larger than declared in Content-Length resulted in
a 413 status code, because Content-Length was mistakenly used as the maximum
allowed request body, similar to client_max_body_size. Following the HTTP/3
specification, such requests are now rejected with the 400 error as malformed.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/v3/ngx_http_v3_request.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c index 87f5f3214..aec122be6 100644 --- a/src/http/v3/ngx_http_v3_request.c +++ b/src/http/v3/ngx_http_v3_request.c @@ -1575,6 +1575,15 @@ ngx_http_v3_request_body_filter(ngx_http_request_t *r, ngx_chain_t *in) /* rc == NGX_OK */ if (max != -1 && (uint64_t) (max - rb->received) < st->length) { + + if (r->headers_in.content_length_n != -1) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client intended to send body data " + "larger than declared"); + + return NGX_HTTP_BAD_REQUEST; + } + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "client intended to send too large " "body: %O+%ui bytes", |