From c4a4a6a5d8f5f110d2f8203052dc1861aedb061f Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Mon, 26 Nov 2012 18:00:14 +0000 Subject: Request body: improved handling of incorrect chunked request body. While discarding chunked request body in some cases after detecting request body corruption no error was returned, while it was possible to correctly return 400 Bad Request. If error is detected too late, make sure to properly close connection. Additionally, in ngx_http_special_response_handler() don't return body of 500 Internal Server Error to a client if ngx_http_discard_request_body() fails, but disable keepalive and continue. --- src/http/ngx_http_request_body.c | 19 +++++++++++++++---- src/http/ngx_http_special_response.c | 2 +- 2 files changed, 16 insertions(+), 5 deletions(-) (limited to 'src/http') diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c index 90da11005..0b2f89ff5 100644 --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -471,12 +471,18 @@ ngx_http_discard_request_body(ngx_http_request_t *r) } } - if (ngx_http_read_discarded_request_body(r) == NGX_OK) { + rc = ngx_http_read_discarded_request_body(r); + + if (rc == NGX_OK) { r->lingering_close = 0; return NGX_OK; } - /* == NGX_AGAIN */ + if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { + return rc; + } + + /* rc == NGX_AGAIN */ r->read_event_handler = ngx_http_discarded_request_body_handler; @@ -533,6 +539,12 @@ ngx_http_discarded_request_body_handler(ngx_http_request_t *r) return; } + if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { + c->error = 1; + ngx_http_finalize_request(r, NGX_ERROR); + return; + } + /* rc == NGX_AGAIN */ if (ngx_handle_read_event(rev, 0) != NGX_OK) { @@ -606,8 +618,7 @@ ngx_http_read_discarded_request_body(ngx_http_request_t *r) rc = ngx_http_discard_request_body_filter(r, &b); if (rc != NGX_OK) { - r->connection->error = 1; - return NGX_OK; + return rc; } } } diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c index 318b52be2..875c24d9c 100644 --- a/src/http/ngx_http_special_response.c +++ b/src/http/ngx_http_special_response.c @@ -421,7 +421,7 @@ ngx_http_special_response_handler(ngx_http_request_t *r, ngx_int_t error) r->expect_tested = 1; if (ngx_http_discard_request_body(r) != NGX_OK) { - error = NGX_HTTP_INTERNAL_SERVER_ERROR; + r->keepalive = 0; } if (clcf->msie_refresh -- cgit