[PATCH] Fixed 413 custom error page for HTTP/2 and HTTP/3 (ticket #2609)

Roman Arutyunyan arut at nginx.com
Wed Mar 6 06:32:29 UTC 2024


Hi Maxim,

> On 6 Mar 2024, at 12:28 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> Hello!
> 
> On Mon, Mar 04, 2024 at 06:46:23PM +0400, Roman Arutyunyan wrote:
> 
>> # HG changeset patch
>> # User Roman Arutyunyan <arut at nginx.com>
>> # Date 1709563405 -14400
>> #      Mon Mar 04 18:43:25 2024 +0400
>> # Node ID 3b0be477ab7246caba4c5152286b8be520ee0418
>> # Parent  44da04c2d4db94ad4eefa84b299e07c5fa4a00b9
>> Fixed 413 custom error page for HTTP/2 and HTTP/3 (ticket #2609).
>> 
>> Previously an attempt to return a custom 413 error page for these protocols
>> resulted in the standard 413 page (if recursive_error_pages was off) or
>> otherwise internal redirection cycle followed by the 500 error.
>> 
>> Discarding request body for HTTP/1 starts by setting r->discard_body which
>> indicates the body is currently being discarded.  If and when the entire body
>> is read and discarded, the flag is cleared and r->headers_in.content_length_n
>> is set to zero.  Both r->discard_body and r->headers_in.content_length_n
>> prevent nginx from re-generating 413 error after internal redirect in
>> ngx_http_core_find_config_phase().
>> 
>> However the above does not work for HTTP/2 and HTTP/3.  Discarding request
>> body for these protocols does not affect the above mentioned fields, which is
>> why there's no protection against re-generating the 413 error.  The fix is to
>> assign zero to r->headers_in.content_length_n much like in HTTP/1 case after
>> the body is entirely read and discarded, except for these protocols no active
>> discard is needed.
>> 
>> diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c
>> --- a/src/http/ngx_http_request_body.c
>> +++ b/src/http/ngx_http_request_body.c
>> @@ -640,12 +640,14 @@ ngx_http_discard_request_body(ngx_http_r
>> #if (NGX_HTTP_V2)
>>     if (r->stream) {
>>         r->stream->skip_data = 1;
>> +        r->headers_in.content_length_n = 0;
>>         return NGX_OK;
>>     }
>> #endif
>> 
>> #if (NGX_HTTP_V3)
>>     if (r->http_version == NGX_HTTP_VERSION_30) {
>> +        r->headers_in.content_length_n = 0;
>>         return NGX_OK;
>>     }
>> #endif
> 
> The patch is wrong, see here:
> 
> https://trac.nginx.org/nginx/ticket/1152#comment:6

Thanks for your kind comment, I read that before.

The patch fixes exactly what it fixes.
Accessing the request body after it was discarded (for example from a 413 custom handler) is a sign of misconfiguration.
Indeed for a misconfigured nginx there is a problem with a HTTP/1 body currently being discarded as well as other inconsistencies.
This may or may not be fixed in the future, but anyway it's a separate issue, which does not exist in a properly configured nginx.

> The issue is in my TODO list.  Once properly fixed, you'll be able 
> to merge the fix from freenginx.
> 
> Alternatively, consider submitting patches to 
> the nginx-devel at freenginx.org list for proper review.

We understand your hard feelings about leaving the project. Hope you'll be ok.

> -- 
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel

----
Roman Arutyunyan
arut at nginx.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20240306/89566532/attachment.htm>


More information about the nginx-devel mailing list