[PATCH 3 of 4] HTTP/2: reject HTTP/2 requests with "Transfer-Encoding" header
Piotr Sikora
piotrsikora at google.com
Tue Jun 13 12:19:47 UTC 2017
# HG changeset patch
# User Piotr Sikora <piotrsikora at google.com>
# Date 1490516709 25200
# Sun Mar 26 01:25:09 2017 -0700
# Node ID 6263d68cb96042d8f8974a4a3945226227ce13b9
# Parent 349648a6f91f9bd5cc80d22390b95c2239a8bfb3
HTTP/2: reject HTTP/2 requests with "Transfer-Encoding" header.
Signed-off-by: Piotr Sikora <piotrsikora at google.com>
diff -r 349648a6f91f -r 6263d68cb960 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -29,6 +29,8 @@ static ngx_int_t ngx_http_process_connec
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_te(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_process_transfer_encoding(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
@@ -136,7 +138,7 @@ ngx_http_header_t ngx_http_headers_in[]
{ ngx_string("Transfer-Encoding"),
offsetof(ngx_http_headers_in_t, transfer_encoding),
- ngx_http_process_header_line },
+ ngx_http_process_transfer_encoding },
{ ngx_string("Expect"),
offsetof(ngx_http_headers_in_t, expect),
@@ -1743,6 +1745,49 @@ ngx_http_process_te(ngx_http_request_t *
static ngx_int_t
+ngx_http_process_transfer_encoding(ngx_http_request_t *r, ngx_table_elt_t *h,
+ ngx_uint_t offset)
+{
+ if (r->headers_in.transfer_encoding == NULL) {
+ r->headers_in.transfer_encoding = h;
+ }
+
+#if (NGX_HTTP_V2)
+
+ if (r->stream) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent HTTP/2 request with \"Transfer-Encoding\" "
+ "header");
+
+ ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ return NGX_ERROR;
+ }
+
+#endif
+
+ if (h->value.len == 7
+ && ngx_strncasecmp(h->value.data, (u_char *) "chunked", 7) == 0)
+ {
+ r->headers_in.chunked = 1;
+ return NGX_OK;
+ }
+
+ if (h->value.len != 8
+ || ngx_strncasecmp(h->value.data, (u_char *) "identity", 8) != 0)
+ {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent unknown \"Transfer-Encoding: %V\" header",
+ &h->value);
+
+ ngx_http_finalize_request(r, NGX_HTTP_NOT_IMPLEMENTED);
+ return NGX_ERROR;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
ngx_uint_t offset)
{
@@ -1881,25 +1926,9 @@ ngx_http_process_request_header(ngx_http
return NGX_ERROR;
}
- if (r->headers_in.transfer_encoding) {
- if (r->headers_in.transfer_encoding->value.len == 7
- && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
- (u_char *) "chunked", 7) == 0)
- {
- r->headers_in.content_length = NULL;
- r->headers_in.content_length_n = -1;
- r->headers_in.chunked = 1;
-
- } else if (r->headers_in.transfer_encoding->value.len != 8
- || ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
- (u_char *) "identity", 8) != 0)
- {
- ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
- "client sent unknown \"Transfer-Encoding\": \"%V\"",
- &r->headers_in.transfer_encoding->value);
- ngx_http_finalize_request(r, NGX_HTTP_NOT_IMPLEMENTED);
- return NGX_ERROR;
- }
+ if (r->headers_in.chunked) {
+ r->headers_in.content_length = NULL;
+ r->headers_in.content_length_n = -1;
}
if (r->headers_in.connection_type == NGX_HTTP_CONNECTION_KEEP_ALIVE) {
More information about the nginx-devel
mailing list