diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2020-02-20 16:19:34 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2020-02-20 16:19:34 +0300 |
| commit | b4d6b70d7f2e8207df02ab354da907475dcab8a5 (patch) | |
| tree | 552fe50584226dfd77e8064d60b138bd1c40ec04 | |
| parent | e64d798edb9950ef32ab98c21c190b513a3e262c (diff) | |
| download | nginx-b4d6b70d7f2e8207df02ab354da907475dcab8a5.tar.gz | |
Removed "Transfer-Encoding: identity" support.
The "identity" transfer coding has been removed in RFC 7230. It is
believed that it is not used in real life, and at the same time it
provides a potential attack vector.
| -rw-r--r-- | src/http/ngx_http_request.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 85c980378..9e64fd293 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1952,10 +1952,7 @@ ngx_http_process_request_header(ngx_http_request_t *r) r->headers_in.content_length_n = -1; r->headers_in.chunked = 1; - } else if (r->headers_in.transfer_encoding->value.len != 8 - || ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, - (u_char *) "identity", 8) != 0) - { + } else { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent unknown \"Transfer-Encoding\": \"%V\"", &r->headers_in.transfer_encoding->value); |