[nginx] Reordered checks for Content-Length and Transfer-Encoding.

Sat, 27 Apr 2024 08:56:58 -0700 

details:   http://freenginx.org/hg/nginx/rev/55a5a40dccde
branches:  
changeset: 9250:55a5a40dccde
user:      Maxim Dounin <mdou...@mdounin.ru>
date:      Sat Apr 27 18:16:27 2024 +0300
description:
Reordered checks for Content-Length and Transfer-Encoding.

This ensures that r->headers_in.content_length_n is not set when both
Content-Length and Transfer-Encoding headers are present, making it slightly
safer to use complex processing for 400 (Bad Request) errors.

diffstat:

 src/http/ngx_http_request.c |  18 +++++++++---------
 1 files changed, 9 insertions(+), 9 deletions(-)

diffs (35 lines):

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1968,6 +1968,15 @@ ngx_http_process_request_header(ngx_http
     }
 
     if (r->headers_in.content_length) {
+        if (r->headers_in.transfer_encoding) {
+            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                          "client sent \"Content-Length\" and "
+                          "\"Transfer-Encoding\" headers "
+                          "at the same time");
+            ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+            return NGX_ERROR;
+        }
+
         r->headers_in.content_length_n =
                             ngx_atoof(r->headers_in.content_length->value.data,
                                       r->headers_in.content_length->value.len);
@@ -1993,15 +2002,6 @@ ngx_http_process_request_header(ngx_http
             && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
                                (u_char *) "chunked", 7) == 0)
         {
-            if (r->headers_in.content_length) {
-                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-                              "client sent \"Content-Length\" and "
-                              "\"Transfer-Encoding\" headers "
-                              "at the same time");
-                ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
-                return NGX_ERROR;
-            }
-
             r->headers_in.chunked = 1;
 
         } else {
-- 
nginx-devel mailing list
nginx-devel@freenginx.org
https://freenginx.org/mailman/listinfo/nginx-devel

Reply via email to