Welcome! Log In Create A New Profile

Advanced

[PATCH 02 of 20] FastCGI: combining headers with identical names (ticket #1724)

Maxim Dounin
April 20, 2022 06:42PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1650492316 -10800
# Thu Apr 21 01:05:16 2022 +0300
# Node ID 61b29233a55216c6fa72e23b93a4a28d76a9fb94
# Parent e70fb0fdfbc0fb7b7e9f493cc2eb65de617b115a
FastCGI: combining headers with identical names (ticket #1724).

FastCGI responder is expected to receive CGI/1.1 environment variables
in the parameters (see section "6.2 Responder" of the FastCGI specification).
Obviously enough, there cannot be multiple environment variables with
the same name.

Further, CGI specification (RFC 3875, section "4.1.18. Protocol-Specific
Meta-Variables") explicitly requires to combine headers: "If multiple
header fields with the same field-name are received then the server MUST
rewrite them as a single value having the same semantics".

diff --git a/src/core/ngx_hash.h b/src/core/ngx_hash.h
--- a/src/core/ngx_hash.h
+++ b/src/core/ngx_hash.h
@@ -89,12 +89,15 @@ typedef struct {
} ngx_hash_keys_arrays_t;


-typedef struct {
+typedef struct ngx_table_elt_s ngx_table_elt_t;
+
+struct ngx_table_elt_s {
ngx_uint_t hash;
ngx_str_t key;
ngx_str_t value;
u_char *lowcase_key;
-} ngx_table_elt_t;
+ ngx_table_elt_t *next;
+};


void *ngx_hash_find(ngx_hash_t *hash, ngx_uint_t key, u_char *name, size_t len);
diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c
--- a/src/http/modules/ngx_http_fastcgi_module.c
+++ b/src/http/modules/ngx_http_fastcgi_module.c
@@ -835,14 +835,14 @@ static ngx_int_t
ngx_http_fastcgi_create_request(ngx_http_request_t *r)
{
off_t file_pos;
- u_char ch, *pos, *lowcase_key;
+ u_char ch, sep, *pos, *lowcase_key;
size_t size, len, key_len, val_len, padding,
allocated;
ngx_uint_t i, n, next, hash, skip_empty, header_params;
ngx_buf_t *b;
ngx_chain_t *cl, *body;
ngx_list_part_t *part;
- ngx_table_elt_t *header, **ignored;
+ ngx_table_elt_t *header, *hn, **ignored;
ngx_http_upstream_t *u;
ngx_http_script_code_pt code;
ngx_http_script_engine_t e, le;
@@ -900,7 +900,11 @@ ngx_http_fastcgi_create_request(ngx_http
allocated = 0;
lowcase_key = NULL;

- if (params->number) {
+ if (ngx_http_link_multi_headers(r) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (params->number || r->headers_in.multi) {
n = 0;
part = &r->headers_in.headers.part;

@@ -930,6 +934,12 @@ ngx_http_fastcgi_create_request(ngx_http
i = 0;
}

+ for (n = 0; n < header_params; n++) {
+ if (&header[i] == ignored[n]) {
+ goto next_length;
+ }
+ }
+
if (params->number) {
if (allocated < header[i].key.len) {
allocated = header[i].key.len + 16;
@@ -959,15 +969,23 @@ ngx_http_fastcgi_create_request(ngx_http
ignored[header_params++] = &header[i];
continue;
}
-
- n += sizeof("HTTP_") - 1;
-
- } else {
- n = sizeof("HTTP_") - 1 + header[i].key.len;
}

- len += ((n > 127) ? 4 : 1) + ((header[i].value.len > 127) ? 4 : 1)
- + n + header[i].value.len;
+ key_len = sizeof("HTTP_") - 1 + header[i].key.len;
+
+ val_len = header[i].value.len;
+
+ for (hn = header[i].next; hn; hn = hn->next) {
+ val_len += hn->value.len + 2;
+ ignored[header_params++] = hn;
+ }
+
+ len += ((key_len > 127) ? 4 : 1) + key_len
+ + ((val_len > 127) ? 4 : 1) + val_len;
+
+ next_length:
+
+ continue;
}
}

@@ -1109,7 +1127,7 @@ ngx_http_fastcgi_create_request(ngx_http

for (n = 0; n < header_params; n++) {
if (&header[i] == ignored[n]) {
- goto next;
+ goto next_value;
}
}

@@ -1125,6 +1143,11 @@ ngx_http_fastcgi_create_request(ngx_http
}

val_len = header[i].value.len;
+
+ for (hn = header[i].next; hn; hn = hn->next) {
+ val_len += hn->value.len + 2;
+ }
+
if (val_len > 127) {
*b->last++ = (u_char) (((val_len >> 24) & 0x7f) | 0x80);
*b->last++ = (u_char) ((val_len >> 16) & 0xff);
@@ -1150,13 +1173,34 @@ ngx_http_fastcgi_create_request(ngx_http
*b->last++ = ch;
}

- b->last = ngx_copy(b->last, header[i].value.data, val_len);
+ b->last = ngx_copy(b->last, header[i].value.data,
+ header[i].value.len);
+
+ if (header[i].next) {
+
+ if (header[i].key.len == sizeof("Cookie") - 1
+ && ngx_strncasecmp(header[i].key.data, (u_char *) "Cookie",
+ sizeof("Cookie") - 1)
+ == 0)
+ {
+ sep = ';';
+
+ } else {
+ sep = ',';
+ }
+
+ for (hn = header[i].next; hn; hn = hn->next) {
+ *b->last++ = sep;
+ *b->last++ = ' ';
+ b->last = ngx_copy(b->last, hn->value.data, hn->value.len);
+ }
+ }

ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"fastcgi param: \"%*s: %*s\"",
key_len, b->last - (key_len + val_len),
val_len, b->last - val_len);
- next:
+ next_value:

continue;
}
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -2802,6 +2802,78 @@ ngx_http_get_forwarded_addr_internal(ngx
}


+ngx_int_t
+ngx_http_link_multi_headers(ngx_http_request_t *r)
+{
+ ngx_uint_t i, j;
+ ngx_list_part_t *part, *ppart;
+ ngx_table_elt_t *header, *pheader, **ph;
+
+ if (r->headers_in.multi_linked) {
+ return NGX_OK;
+ }
+
+ part = &r->headers_in.headers.part;
+ header = part->elts;
+
+ for (i = 0; /* void */; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+
+ part = part->next;
+ header = part->elts;
+ i = 0;
+ }
+
+ header[i].next = NULL;
+
+ /*
+ * search for previous headers with the same name;
+ * if there are any, link to them
+ */
+
+ ppart = &r->headers_in.headers.part;
+ pheader = part->elts;
+
+ for (j = 0; /* void */; j++) {
+
+ if (j >= ppart->nelts) {
+ if (ppart->next == NULL) {
+ break;
+ }
+
+ ppart = ppart->next;
+ pheader = ppart->elts;
+ i = 0;
+ }
+
+ if (part == ppart && i == j) {
+ break;
+ }
+
+ if (header[i].key.len == pheader[j].key.len
+ && ngx_strncasecmp(header[i].key.data, pheader[j].key.data,
+ header[i].key.len)
+ == 0)
+ {
+ ph = &pheader[j].next;
+ while (*ph) { ph = &(*ph)->next; }
+ *ph = &header[i];
+
+ r->headers_in.multi = 1;
+
+ break;
+ }
+ }
+ }
+
+ return NGX_OK;
+}
+
+
static char *
ngx_http_core_server(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
{
diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
--- a/src/http/ngx_http_core_module.h
+++ b/src/http/ngx_http_core_module.h
@@ -532,6 +532,8 @@ ngx_int_t ngx_http_get_forwarded_addr(ng
ngx_array_t *headers, ngx_str_t *value, ngx_array_t *proxies,
int recursive);

+ngx_int_t ngx_http_link_multi_headers(ngx_http_request_t *r);
+

extern ngx_module_t ngx_http_core_module;

diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -242,6 +242,8 @@ typedef struct {

unsigned connection_type:2;
unsigned chunked:1;
+ unsigned multi:1;
+ unsigned multi_linked:1;
unsigned msie:1;
unsigned msie6:1;
unsigned opera:1;

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

[PATCH 00 of 20] multiple headers handling

Maxim Dounin 935 April 20, 2022 06:38PM

[PATCH 03 of 20] SCGI: combining headers with identical names (ticket #1724)

Maxim Dounin 233 April 20, 2022 06:40PM

[PATCH 02 of 20] FastCGI: combining headers with identical names (ticket #1724)

Maxim Dounin 186 April 20, 2022 06:42PM

Re: [PATCH 02 of 20] FastCGI: combining headers with identical names (ticket #1724)

Sergey Kandaurov 240 May 11, 2022 11:36AM

Re: [PATCH 02 of 20] FastCGI: combining headers with identical names (ticket #1724)

Maxim Dounin 148 May 12, 2022 06:34PM

Re: [PATCH 02 of 20] FastCGI: combining headers with identical names (ticket #1724)

Sergey Kandaurov 250 May 13, 2022 10:06AM

Re: [PATCH 02 of 20] FastCGI: combining headers with identical names (ticket #1724)

Sergey Kandaurov 156 May 13, 2022 10:06AM

[PATCH 04 of 20] Uwsgi: combining headers with identical names (ticket #1724)

Maxim Dounin 204 April 20, 2022 06:44PM

[PATCH 08 of 20] Perl: all known input headers are handled identically

Maxim Dounin 276 April 20, 2022 06:44PM

[PATCH 10 of 20] Upstream: style

Maxim Dounin 239 April 20, 2022 06:46PM

[PATCH 07 of 20] All non-unique input headers are now linked lists

Maxim Dounin 322 April 20, 2022 06:48PM

Re: [PATCH 07 of 20] All non-unique input headers are now linked lists

Sergey Kandaurov 307 May 11, 2022 03:44PM

Re: [PATCH 07 of 20] All non-unique input headers are now linked lists

Maxim Dounin 154 May 12, 2022 07:56PM

[PATCH 09 of 20] Perl: combining unknown headers during $r->header_in() lookup

Maxim Dounin 181 April 20, 2022 06:50PM

[PATCH 12 of 20] Upstream: simplified Accept-Ranges handling

Maxim Dounin 337 April 20, 2022 06:52PM

[PATCH 11 of 20] Upstream: simplified Content-Encoding handling

Maxim Dounin 236 April 20, 2022 06:54PM

Re: [PATCH 11 of 20] Upstream: simplified Content-Encoding handling

Sergey Kandaurov 193 May 11, 2022 04:02PM

Re: [PATCH 11 of 20] Upstream: simplified Content-Encoding handling

Maxim Dounin 180 May 12, 2022 08:20PM

[PATCH 05 of 20] Combining unknown headers during variables lookup (ticket #1316)

Maxim Dounin 163 April 20, 2022 06:56PM

Re: [PATCH 05 of 20] Combining unknown headers during variables lookup (ticket #1316)

Sergey Kandaurov 203 May 11, 2022 12:12PM

Re: [PATCH 05 of 20] Combining unknown headers during variables lookup (ticket #1316)

Maxim Dounin 268 May 12, 2022 07:18PM

[PATCH 06 of 20] Reworked multi headers to use linked lists

Maxim Dounin 248 April 20, 2022 06:58PM

Re: [PATCH 06 of 20] Reworked multi headers to use linked lists

Sergey Kandaurov 176 May 11, 2022 03:24PM

Re: [PATCH 06 of 20] Reworked multi headers to use linked lists

Maxim Dounin 199 May 12, 2022 07:44PM

Re: [PATCH 06 of 20] Reworked multi headers to use linked lists

Sergey Kandaurov 342 June 13, 2022 01:08PM

Re: [PATCH 06 of 20] Reworked multi headers to use linked lists

Maxim Dounin 186 June 13, 2022 06:52PM

[PATCH 14 of 20] Upstream: all known headers in u->headers_in are linked lists now

Maxim Dounin 231 April 20, 2022 07:00PM

[PATCH 13 of 20] All known output headers can be linked lists now

Maxim Dounin 169 April 20, 2022 07:02PM

[PATCH 15 of 20] Upstream: header handlers can now return parsing errors

Maxim Dounin 155 April 20, 2022 07:04PM

Re: [PATCH 15 of 20] Upstream: header handlers can now return parsing errors

Sergey Kandaurov 171 May 11, 2022 04:30PM

Re: [PATCH 15 of 20] Upstream: header handlers can now return parsing errors

Maxim Dounin 179 May 12, 2022 08:26PM

[PATCH 17 of 20] Upstream: handling of multiple Vary headers (ticket #1423)

Maxim Dounin 196 April 20, 2022 07:06PM

Re: [PATCH 17 of 20] Upstream: handling of multiple Vary headers (ticket #1423)

Sergey Kandaurov 181 May 11, 2022 04:48PM

Re: [PATCH 17 of 20] Upstream: handling of multiple Vary headers (ticket #1423)

Maxim Dounin 149 May 12, 2022 08:52PM

[PATCH 18 of 20] Upstream: multiple WWW-Authenticate headers (ticket #485)

Maxim Dounin 163 April 20, 2022 07:08PM

Re: [PATCH 18 of 20] Upstream: multiple WWW-Authenticate headers (ticket #485)

Sergey Kandaurov 192 May 11, 2022 05:06PM

Re: [PATCH 18 of 20] Upstream: multiple WWW-Authenticate headers (ticket #485)

Maxim Dounin 160 May 12, 2022 10:00PM

Re: [PATCH 18 of 20] Upstream: multiple WWW-Authenticate headers (ticket #485)

Sergey Kandaurov 174 May 20, 2022 09:56AM

Re: [PATCH 18 of 20] Upstream: multiple WWW-Authenticate headers (ticket #485)

Maxim Dounin 166 May 20, 2022 05:10PM

[PATCH 16 of 20] Upstream: duplicate headers ignored or properly linked

Maxim Dounin 209 April 20, 2022 07:10PM

Re: [PATCH 16 of 20] Upstream: duplicate headers ignored or properly linked

Sergey Kandaurov 157 May 11, 2022 04:36PM

Re: [PATCH 16 of 20] Upstream: duplicate headers ignored or properly linked

Maxim Dounin 520 May 12, 2022 08:36PM

[PATCH 20 of 20] Headers filter: improved memory allocation error handling

Maxim Dounin 205 April 20, 2022 07:12PM

[PATCH 19 of 20] Auth request: multiple WWW-Authenticate headers (ticket #485)

Maxim Dounin 213 April 20, 2022 07:14PM

[PATCH 00 of 10] multiple headers tests

Maxim Dounin 203 April 20, 2022 07:16PM

[PATCH 01 of 10] Tests: tests for passing Date and Server headers

Maxim Dounin 164 April 20, 2022 07:18PM

[PATCH 02 of 10] Tests: fastcgi tests for combining headers

Maxim Dounin 226 April 20, 2022 07:20PM

[PATCH 03 of 10] Tests: scgi tests for combining headers

Maxim Dounin 171 April 20, 2022 07:20PM

[PATCH 04 of 10] Tests: uwsgi tests for combining headers

Maxim Dounin 140 April 20, 2022 07:22PM

[PATCH 07 of 10] Tests: perl $r->header_in() combining headers test

Maxim Dounin 154 April 20, 2022 07:24PM

[PATCH 09 of 10] Tests: tests for multiple Vary headers (ticket #1423)

Maxim Dounin 157 April 20, 2022 07:26PM

[PATCH 06 of 10] Tests: perl $r->header_in("Connection") test

Maxim Dounin 160 April 20, 2022 07:28PM

[PATCH 05 of 10] Tests: tests for various http header variables

Maxim Dounin 212 April 20, 2022 07:30PM

[PATCH 08 of 10] Tests: tests for duplicate response headers

Maxim Dounin 174 April 20, 2022 07:32PM

[PATCH 10 of 10] Tests: tests for multiple WWW-Authenticate headers (ticket #485)

Maxim Dounin 187 April 20, 2022 07:34PM

Re: [PATCH 00 of 10] multiple headers tests

Sergey Kandaurov 208 May 31, 2022 07:14PM

Re: [PATCH 00 of 10] multiple headers tests

Maxim Dounin 146 June 03, 2022 07:26PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 231
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready