Mercurial > hg > nginx

changeset 9251:3728a0ed243a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
HTTP/3: fixed handling of request body larger than Content-Length. Previously, 413 (Request entity too large) was returned, and incorrect "client intended to send too large body" error message was logged. Fix is to return 400 (Bad request) and log the "client intended to send body data larger than declared" error message, similarly to what HTTP/2 code does. Additionally, previously "client_max_body_size 0;" was incorrectly handled by the HTTP/3 code, resulting in 413 instead of no limit. This is also fixed by the correct checks added.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 27 Apr 2024 18:17:03 +0300
parents 55a5a40dccde
children 51e0dc713784
files src/http/v3/ngx_http_v3_request.c
diffstat 1 files changed, 18 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/v3/ngx_http_v3_request.c	Sat Apr 27 18:16:27 2024 +0300
+++ b/src/http/v3/ngx_http_v3_request.c	Sat Apr 27 18:17:03 2024 +0300
@@ -1482,7 +1482,6 @@
 static ngx_int_t
 ngx_http_v3_request_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
 {
-    off_t                      max;
     size_t                     size;
     u_char                    *p;
     ngx_int_t                  rc;
@@ -1510,14 +1509,6 @@
         rb->rest = cscf->large_client_header_buffers.size;
     }
 
-    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-
-    max = r->headers_in.content_length_n;
-
-    if (max == -1 && clcf->client_max_body_size) {
-        max = clcf->client_max_body_size;
-    }
-
     out = NULL;
     ll = &out;
     last = 0;
@@ -1575,7 +1566,12 @@
 
                 /* rc == NGX_OK */
 
-                if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
+                clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+                if (clcf->client_max_body_size
+                    && (uint64_t) (clcf->client_max_body_size - rb->received)
+                       < st->length)
+                {
                     ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                                   "client intended to send too large "
                                   "body: %O+%ui bytes",
@@ -1584,6 +1580,18 @@
                     return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
                 }
 
+                if (r->headers_in.content_length_n != -1
+                    && (uint64_t) (r->headers_in.content_length_n
+                                   - rb->received)
+                       < st->length)
+                {
+                    ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                                  "client intended to send body data "
+                                  "larger than declared");
+
+                    return NGX_HTTP_BAD_REQUEST;
+                }
+
                 continue;
             }