[nginx] Reordered checks for Content-Length and Transfer-Encoding.
Maxim Dounin
mdounin at mdounin.ru
Sat Apr 27 15:56:46 UTC 2024
details: http://freenginx.org/hg/nginx/rev/55a5a40dccde
branches:
changeset: 9250:55a5a40dccde
user: Maxim Dounin <mdounin at mdounin.ru>
date: Sat Apr 27 18:16:27 2024 +0300
description:
Reordered checks for Content-Length and Transfer-Encoding.
This ensures that r->headers_in.content_length_n is not set when both
Content-Length and Transfer-Encoding headers are present, making it slightly
safer to use complex processing for 400 (Bad Request) errors.
diffstat:
src/http/ngx_http_request.c | 18 +++++++++---------
1 files changed, 9 insertions(+), 9 deletions(-)
diffs (35 lines):
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1968,6 +1968,15 @@ ngx_http_process_request_header(ngx_http
}
if (r->headers_in.content_length) {
+ if (r->headers_in.transfer_encoding) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent \"Content-Length\" and "
+ "\"Transfer-Encoding\" headers "
+ "at the same time");
+ ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ return NGX_ERROR;
+ }
+
r->headers_in.content_length_n =
ngx_atoof(r->headers_in.content_length->value.data,
r->headers_in.content_length->value.len);
@@ -1993,15 +2002,6 @@ ngx_http_process_request_header(ngx_http
&& ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
(u_char *) "chunked", 7) == 0)
{
- if (r->headers_in.content_length) {
- ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
- "client sent \"Content-Length\" and "
- "\"Transfer-Encoding\" headers "
- "at the same time");
- ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
- return NGX_ERROR;
- }
-
r->headers_in.chunked = 1;
} else {
More information about the nginx-devel
mailing list