[PATCH] HTTP/3: fixed handling of malformed request body length
Sergey Kandaurov
pluknet at nginx.com
Mon Apr 22 15:00:49 UTC 2024
# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1713798017 -14400
# Mon Apr 22 19:00:17 2024 +0400
# Node ID 754e32eaca24ad751e2a94790e1afd55202c1aba
# Parent 9f84f2e49c624e82e054a2dcd48723119c44029c
HTTP/3: fixed handling of malformed request body length.
Previously, a request body larger than declared in Content-Length resulted in
a 413 status code, because Content-Length was mistakenly used as the maximum
allowed request body, similar to client_max_body_size. Following the HTTP/3
specification, such requests are now rejected with the 400 error as malformed.
diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -1575,12 +1575,21 @@ ngx_http_v3_request_body_filter(ngx_http
/* rc == NGX_OK */
if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "client intended to send too large "
- "body: %O+%ui bytes",
- rb->received, st->length);
+
+ if (max == r->headers_in.content_length_n) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client intended to send body data "
+ "larger than declared");
+
+ return NGX_HTTP_BAD_REQUEST;
- return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
+ } else {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "client intended to send too large body: "
+ "%O+%ui bytes", rb->received, st->length);
+
+ return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
+ }
}
continue;
More information about the nginx-devel
mailing list