details: https://hg.nginx.org/nginx/rev/7a6afd584eb4 branches: changeset: 7893:7a6afd584eb4 user: Sergey Kandaurov <pluk...@nginx.com> date: Mon Aug 09 18:12:12 2021 +0300 description: Disabled HTTP/1.0 requests with Transfer-Encoding.
The latest HTTP/1.1 draft describes Transfer-Encoding in HTTP/1.0 as having potentially faulty message framing as that could have been forwarded without handling of the chunked encoding, and forbids processing subsequest requests over that connection: https://github.com/httpwg/http-core/issues/879. While handling of such requests is permitted, the most secure approach seems to reject them. diffstat: src/http/ngx_http_request.c | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diffs (18 lines):
diff -r 34a3a1a2d197 -r 7a6afd584eb4 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Wed Aug 04 21:27:51 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Aug 09 18:12:12 2021 +0300
@@ -1983,6 +1983,14 @@ ngx_http_process_request_header(ngx_http
 } if (r->headers_in.transfer_encoding) {
+ if (r->http_version < NGX_HTTP_VERSION_11) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent HTTP/1.0 request with "
+ "\"Transfer-Encoding\" header");
+ ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ return NGX_ERROR;
+ }
+
 if (r->headers_in.transfer_encoding->value.len == 7 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, (u_char *) "chunked", 7) == 0)
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
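Review bot: The new HTTP/1.0 branch at the top of `if (r->headers_in.transfer_encoding)` has no comment recording why the request is refused, so the message-framing rationale survives only in the commit description. A short comment above the version test would keep it next to the code, e.g. `/* an HTTP/1.0 sender may have forwarded Transfer-Encoding without decoding it, so the body framing cannot be trusted; reject */`. The rejection is logged at `NGX_LOG_INFO`, so it is presumably not recorded when `error_log` is set to a stricter level; anyone monitoring for these requests would then have to rely on the 400 status in the access log. `ngx_http_process_request_header` begins and ends outside the hunk, so how this check combines with the rest of the header validation cannot be confirmed from here.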