Maxim Dounin
April 20, 2022 07:04PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1650492336 -10800
# Thu Apr 21 01:05:36 2022 +0300
# Node ID ab424b5e32405aeec54ccdfe38e9408209209e0a
# Parent b110c54778e8f6af3ea402c0838a4f289dcd813e
Upstream: header handlers can now return parsing errors.

With this change, duplicate Content-Length and Transfer-Encoding headers
are now rejected. Further, responses with invalid Content-Length or
Transfer-Encoding headers are now rejected, as well as responses with both
Content-Length and Transfer-Encoding.

diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c
--- a/src/http/modules/ngx_http_fastcgi_module.c
+++ b/src/http/modules/ngx_http_fastcgi_module.c
@@ -2007,8 +2007,12 @@ ngx_http_fastcgi_process_header(ngx_http
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
h->lowcase_key, h->key.len);

- if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
- return NGX_ERROR;
+ if (hh) {
+ rc = hh->handler(r, h, hh->offset);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
}

ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
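Review bot: The handler call is now allowed to return a status other than NGX_OK/NGX_ERROR, and the caller forwards it verbatim, but nothing at the call site records the widened contract; I would add `/* handlers return NGX_OK, NGX_ERROR, or NGX_HTTP_UPSTREAM_INVALID_HEADER for a malformed header */` above the `if (hh)` line. The identical hunk appears in ngx_http_grpc_module.c, ngx_http_proxy_module.c, ngx_http_scgi_module.c and ngx_http_uwsgi_module.c and the same comment applies there. The declaration of `rc` is outside the hunk in all five files, so I cannot confirm its type is wide enough for the new status value; ngx_http_fastcgi_process_header starts and ends outside the hunk.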
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -1891,8 +1891,12 @@ ngx_http_grpc_process_header(ngx_http_re
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
h->lowcase_key, h->key.len);

- if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
- return NGX_ERROR;
+ if (hh) {
+ rc = hh->handler(r, h, hh->offset);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
}

continue;
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -1930,8 +1930,12 @@ ngx_http_proxy_process_header(ngx_http_r
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
h->lowcase_key, h->key.len);

- if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
- return NGX_ERROR;
+ if (hh) {
+ rc = hh->handler(r, h, hh->offset);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
}

ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
diff --git a/src/http/modules/ngx_http_scgi_module.c b/src/http/modules/ngx_http_scgi_module.c
--- a/src/http/modules/ngx_http_scgi_module.c
+++ b/src/http/modules/ngx_http_scgi_module.c
@@ -1114,8 +1114,12 @@ ngx_http_scgi_process_header(ngx_http_re
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
h->lowcase_key, h->key.len);

- if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
- return NGX_ERROR;
+ if (hh) {
+ rc = hh->handler(r, h, hh->offset);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
}

ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -1340,8 +1340,12 @@ ngx_http_uwsgi_process_header(ngx_http_r
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
h->lowcase_key, h->key.len);

- if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
- return NGX_ERROR;
+ if (hh) {
+ rc = hh->handler(r, h, hh->offset);
+
+ if (rc != NGX_OK) {
+ return rc;
+ }
}

ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -4633,10 +4633,34 @@ ngx_http_upstream_process_content_length

u = r->upstream;

+ if (u->headers_in.content_length) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent duplicate header line: \"%V: %V\", "
+ "previous value: \"%V: %V\"",
+ &h->key, &h->value,
+ &u->headers_in.content_length->key,
+ &u->headers_in.content_length->value);
+ return NGX_HTTP_UPSTREAM_INVALID_HEADER;
+ }
+
+ if (u->headers_in.transfer_encoding) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent \"Content-Length\" and "
+ "\"Transfer-Encoding\" headers at the same time");
+ return NGX_HTTP_UPSTREAM_INVALID_HEADER;
+ }
+
h->next = NULL;
u->headers_in.content_length = h;
u->headers_in.content_length_n = ngx_atoof(h->value.data, h->value.len);

+ if (u->headers_in.content_length_n == NGX_ERROR) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent invalid \"Content-Length\" header: "
+ "\"%V: %V\"", &h->key, &h->value);
+ return NGX_HTTP_UPSTREAM_INVALID_HEADER;
+ }
+
return NGX_OK;
}
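Review bot: The header is stored into u->headers_in.content_length and content_length_n before the ngx_atoof result is validated, so a rejected header is left behind in headers_in; this is harmless here only because the function returns NGX_HTTP_UPSTREAM_INVALID_HEADER immediately, and moving the `ngx_atoof` call and its NGX_ERROR check ahead of the two assignments would keep the order consistent with the duplicate and Transfer-Encoding checks that precede them. The two new rejections also deserve a why-comment, since a later reader may be tempted to relax them to "duplicate with identical value is fine": `/* duplicate or conflicting framing headers make the body length ambiguous; reject rather than guess */`. ngx_http_upstream_process_content_length starts outside the hunk.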

@@ -5021,14 +5045,37 @@ ngx_http_upstream_process_transfer_encod
ngx_http_upstream_t *u;

u = r->upstream;
+
+ if (u->headers_in.transfer_encoding) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent duplicate header line: \"%V: %V\", "
+ "previous value: \"%V: %V\"",
+ &h->key, &h->value,
+ &u->headers_in.transfer_encoding->key,
+ &u->headers_in.transfer_encoding->value);
+ return NGX_HTTP_UPSTREAM_INVALID_HEADER;
+ }
+
+ if (u->headers_in.content_length) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent \"Content-Length\" and "
+ "\"Transfer-Encoding\" headers at the same time");
+ return NGX_HTTP_UPSTREAM_INVALID_HEADER;
+ }
+
u->headers_in.transfer_encoding = h;
h->next = NULL;

- if (ngx_strlcasestrn(h->value.data, h->value.data + h->value.len,
- (u_char *) "chunked", 7 - 1)
- != NULL)
+ if (h->value.len == 7
+ && ngx_strncasecmp(h->value.data, (u_char *) "chunked", 7) == 0)
{
u->headers_in.chunked = 1;
+
+ } else {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent unknown \"Transfer-Encoding\": \"%V\"",
+ &h->value);
+ return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}

return NGX_OK;
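Review bot: The exact-length, case-insensitive match against `chunked` is the right check, but the hunk gives no reason why a coding list such as a value that merely contains the token is refused, and the previous substring search shows that this was once considered acceptable; a comment such as `/* only a bare "chunked" coding is supported: any other coding, or chunked combined with others, leaves the body length undetermined */` would stop a future reviewer from reintroducing the substring match. As in the Content-Length hunk, `u->headers_in.transfer_encoding = h` is assigned before the value is validated, so the rejected header remains referenced from headers_in on the error path; moving the assignment after the else branch would avoid that. The closing brace of ngx_http_upstream_process_transfer_encoding is outside the hunk.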
