Upstream: header handlers can now return parsing errors.
With this change, duplicate Content-Length and Transfer-Encoding headers are now rejected. Further, responses with invalid Content-Length or Transfer-Encoding headers are now rejected, as well as responses with both Content-Length and Transfer-Encoding.
This commit is contained in:
Maxim Dounin
parent
4e5ce1fa2e
commit
47e9ce390d
|
|
@ -2007,8 +2007,12 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
|
|||
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
|
||||
h->lowcase_key, h->key.len);
|
||||
|
||||
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
if (hh) {
|
||||
rc = hh->handler(r, h, hh->offset);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
|
|
|
|||
|
|
@ -1891,8 +1891,12 @@ ngx_http_grpc_process_header(ngx_http_request_t *r)
|
|||
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
|
||||
h->lowcase_key, h->key.len);
|
||||
|
||||
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
if (hh) {
|
||||
rc = hh->handler(r, h, hh->offset);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -1930,8 +1930,12 @@ ngx_http_proxy_process_header(ngx_http_request_t *r)
|
|||
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
|
||||
h->lowcase_key, h->key.len);
|
||||
|
||||
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
if (hh) {
|
||||
rc = hh->handler(r, h, hh->offset);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
|
|
|
|||
|
|
@ -1114,8 +1114,12 @@ ngx_http_scgi_process_header(ngx_http_request_t *r)
|
|||
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
|
||||
h->lowcase_key, h->key.len);
|
||||
|
||||
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
if (hh) {
|
||||
rc = hh->handler(r, h, hh->offset);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
|
|
|
|||
|
|
@ -1340,8 +1340,12 @@ ngx_http_uwsgi_process_header(ngx_http_request_t *r)
|
|||
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
|
||||
h->lowcase_key, h->key.len);
|
||||
|
||||
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
if (hh) {
|
||||
rc = hh->handler(r, h, hh->offset);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
|
|
|
|||
|
|
@ -4633,10 +4633,34 @@ ngx_http_upstream_process_content_length(ngx_http_request_t *r,
|
|||
|
||||
u = r->upstream;
|
||||
|
||||
if (u->headers_in.content_length) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent duplicate header line: \"%V: %V\", "
|
||||
"previous value: \"%V: %V\"",
|
||||
&h->key, &h->value,
|
||||
&u->headers_in.content_length->key,
|
||||
&u->headers_in.content_length->value);
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
if (u->headers_in.transfer_encoding) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent \"Content-Length\" and "
|
||||
"\"Transfer-Encoding\" headers at the same time");
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
h->next = NULL;
|
||||
u->headers_in.content_length = h;
|
||||
u->headers_in.content_length_n = ngx_atoof(h->value.data, h->value.len);
|
||||
|
||||
if (u->headers_in.content_length_n == NGX_ERROR) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent invalid \"Content-Length\" header: "
|
||||
"\"%V: %V\"", &h->key, &h->value);
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
|
@ -5021,14 +5045,37 @@ ngx_http_upstream_process_transfer_encoding(ngx_http_request_t *r,
|
|||
ngx_http_upstream_t *u;
|
||||
|
||||
u = r->upstream;
|
||||
|
||||
if (u->headers_in.transfer_encoding) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent duplicate header line: \"%V: %V\", "
|
||||
"previous value: \"%V: %V\"",
|
||||
&h->key, &h->value,
|
||||
&u->headers_in.transfer_encoding->key,
|
||||
&u->headers_in.transfer_encoding->value);
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
if (u->headers_in.content_length) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent \"Content-Length\" and "
|
||||
"\"Transfer-Encoding\" headers at the same time");
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
u->headers_in.transfer_encoding = h;
|
||||
h->next = NULL;
|
||||
|
||||
if (ngx_strlcasestrn(h->value.data, h->value.data + h->value.len,
|
||||
(u_char *) "chunked", 7 - 1)
|
||||
!= NULL)
|
||||
if (h->value.len == 7
|
||||
&& ngx_strncasecmp(h->value.data, (u_char *) "chunked", 7) == 0)
|
||||
{
|
||||
u->headers_in.chunked = 1;
|
||||
|
||||
} else {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"upstream sent unknown \"Transfer-Encoding\": \"%V\"",
|
||||
&h->value);
|
||||
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
|
|
|
|||
Loading…
Reference in New Issue