Mercurial > hg > nginx
changeset 9250:55a5a40dccde
Reordered checks for Content-Length and Transfer-Encoding.
This ensures that r->headers_in.content_length_n is not set when both
Content-Length and Transfer-Encoding headers are present, making it slightly
safer to use complex processing for 400 (Bad Request) errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 27 Apr 2024 18:16:27 +0300 |
parents | afd36b161859 |
children | 3728a0ed243a |
files | src/http/ngx_http_request.c |
diffstat | 1 files changed, 9 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c Sun Apr 14 12:23:40 2024 +0200 +++ b/src/http/ngx_http_request.c Sat Apr 27 18:16:27 2024 +0300 @@ -1968,6 +1968,15 @@ } if (r->headers_in.content_length) { + if (r->headers_in.transfer_encoding) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent \"Content-Length\" and " + "\"Transfer-Encoding\" headers " + "at the same time"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + r->headers_in.content_length_n = ngx_atoof(r->headers_in.content_length->value.data, r->headers_in.content_length->value.len); @@ -1993,15 +2002,6 @@ && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, (u_char *) "chunked", 7) == 0) { - if (r->headers_in.content_length) { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent \"Content-Length\" and " - "\"Transfer-Encoding\" headers " - "at the same time"); - ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); - return NGX_ERROR; - } - r->headers_in.chunked = 1; } else {