[nginx] Disabled HTTP/1.0 requests with Transfer-Encoding.

Sergey Kandaurov
August 09, 2021 12:00PM
details: https://hg.nginx.org/nginx/rev/7a6afd584eb4
branches:
changeset: 7893:7a6afd584eb4
user: Sergey Kandaurov <pluknet@nginx.com>
date: Mon Aug 09 18:12:12 2021 +0300
description:
Disabled HTTP/1.0 requests with Transfer-Encoding.

The latest HTTP/1.1 draft describes Transfer-Encoding in HTTP/1.0 as having
potentially faulty message framing as that could have been forwarded without
handling of the chunked encoding, and forbids processing subsequent requests
over that connection: https://github.com/httpwg/http-core/issues/879.

While handling of such requests is permitted, the most secure approach seems
to be to reject them.

diffstat:

src/http/ngx_http_request.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)

diffs (18 lines):

diff -r 34a3a1a2d197 -r 7a6afd584eb4 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Wed Aug 04 21:27:51 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Aug 09 18:12:12 2021 +0300
@@ -1983,6 +1983,14 @@ ngx_http_process_request_header(ngx_http
}

if (r->headers_in.transfer_encoding) {
+ if (r->http_version < NGX_HTTP_VERSION_11) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent HTTP/1.0 request with "
+ "\"Transfer-Encoding\" header");
+ ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ return NGX_ERROR;
+ }
+
if (r->headers_in.transfer_encoding->value.len == 7
&& ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
(u_char *) "chunked", 7) == 0)
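Review bot: The added check at the top of the `if (r->headers_in.transfer_encoding)` block tests `r->http_version < NGX_HTTP_VERSION_11`, but the log text says "HTTP/1.0 request"; the condition matches every version below 1.1, so either the message or a short comment should state that this is intended. Because the check sits before the existing "chunked" comparison, such a request is finalized with NGX_HTTP_BAD_REQUEST whatever the Transfer-Encoding value is, which matches the commit description but is not explained in the code. A one-line comment pointing at the http-core issue would help, since the diffstat shows only src/http/ngx_http_request.c changed, with no accompanying documentation or test for the new rejection path.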
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel