changeset 7878:bea0f9e5c309
Disabled requests with both Content-Length and Transfer-Encoding.
HTTP clients are not allowed to generate such requests since Transfer-Encoding
introduction in RFC 2068, and they are not expected to appear in practice
except in attempts to perform a request smuggling attack. While handling of
such requests is strictly defined, the most secure approach seems to reject
them.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 28 Jun 2021 18:01:06 +0300 |
parents | 63c66b7cc07c |
children | b7407334c60d |
files | src/http/ngx_http_request.c |
diffstat | 1 files changed, 9 insertions(+), 2 deletions(-) |
--- a/src/http/ngx_http_request.c Mon Jun 28 18:01:04 2021 +0300 +++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:06 2021 +0300 @@ -1985,8 +1985,15 @@ && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, (u_char *) "chunked", 7) == 0) { - r->headers_in.content_length = NULL; - r->headers_in.content_length_n = -1; + if (r->headers_in.content_length) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent \"Content-Length\" and " + "\"Transfer-Encoding\" headers " + "at the same time"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + r->headers_in.chunked = 1; } else {
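Review bot: the new `if (r->headers_in.content_length)` rejection sits inside the branch that already matched `chunked`, so it only covers Content-Length combined with a chunked Transfer-Encoding. The `} else {` branch that follows is cut off in this hunk, so please confirm that a request carrying Content-Length plus any other Transfer-Encoding value cannot pass through it with Content-Length still in effect. The message is logged at `NGX_LOG_INFO`; since the commit message treats these requests as a sign of a smuggling attempt, operators will only see it if the error log is set to that level, which is worth noting in the documentation or revisiting. A short comment above the check explaining why the request is now rejected, where the removed lines reset `content_length` and `content_length_n`, would also help later readers of this function.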