# HG changeset patch
# User Marin Stavrev
# Date 1579526641 -7200
# Mon Jan 20 15:24:01 2020 +0200
# Node ID bf238762fdaf03383c2f3c3718c401e6141e3935
# Parent 6439ef81e37dfccfc3a8c57fed278bf56014ef39
Fix for the HT on request headers problem (#1752)

When client send HTTP request with a header of Content-Length that starts with
horizontal tab character (HT=0x09), Nginx responds with HTTP 400 Bad Request.
According to HTTP RFC2616 section 4.2, "... The field value MAY be preceded by
any amount of LWS, though a single SP is preferred.". The difinition of LWS is:

LWS = [CRLF] 1*( SP | HT )

So a header such as the following should be processed fine:

Content-Length:<0x09>110\r\n

diff -r 6439ef81e37d -r bf238762fdaf src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Fri Jan 17 12:13:02 2020 +0300
+++ b/src/http/ngx_http_parse.c Mon Jan 20 15:24:01 2020 +0200
@@ -1000,6 +1000,7 @@
case sw_space_before_value:
switch (ch) {
case ' ':
+ case '\x9':
break;
case CR:
r->header_start = p;
@@ -1023,6 +1024,7 @@
case sw_value:
switch (ch) {
case ' ':
+ case '\x9':
r->header_end = p;
state = sw_space_after_value;
break;
@@ -1042,6 +1044,7 @@
case sw_space_after_value:
switch (ch) {
case ' ':
+ case '\x9':
break;
case CR:
state = sw_almost_done;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel