diff options
author | Sergey Kandaurov <pluknet@nginx.com> | 2021-08-09 18:12:12 +0300 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2021-08-09 18:12:12 +0300 |
commit | 7bcb50c0610a18bf43bef0062b2d2dc550823b53 (patch) | |
tree | c780c95190f6db507cf676420d9c4c83cfe8f108 | |
parent | 02bd43d05b6f7803597d8453d9848b767dc4a323 (diff) | |
download | nginx-7bcb50c0610a18bf43bef0062b2d2dc550823b53.tar.gz |
Disabled HTTP/1.0 requests with Transfer-Encoding.
The latest HTTP/1.1 draft describes Transfer-Encoding in HTTP/1.0 as having
potentially faulty message framing as that could have been forwarded without
handling of the chunked encoding, and forbids processing subsequest requests
over that connection: https://github.com/httpwg/http-core/issues/879.
While handling of such requests is permitted, the most secure approach seems
to reject them.
-rw-r--r-- | src/http/ngx_http_request.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 2d1845d02..bf931bf35 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1983,6 +1983,14 @@ ngx_http_process_request_header(ngx_http_request_t *r) } if (r->headers_in.transfer_encoding) { + if (r->http_version < NGX_HTTP_VERSION_11) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent HTTP/1.0 request with " + "\"Transfer-Encoding\" header"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + if (r->headers_in.transfer_encoding->value.len == 7 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, (u_char *) "chunked", 7) == 0) |