IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-19 21:53:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

SPDY: detect premature closing of stream.

Browse Source 
The SPDY/3.1 specification requires that the server must respond with
a 400 "Bad request" error if the sum of the data frame payload lengths
does not equal the size of the Content-Length header.

This also fixes "zero size buf in output" alert, that might be triggered
if client sends a greater than zero Content-Length header and closes
stream using the FIN flag with an empty request body.
This commit is contained in:
Valentin Bartenev 2014-03-28 20:22:57 +04:00
parent afb92a8127
commit ac5a3cbeee
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/http/ngx_http_spdy.c
View File

@ -1609,6 +1609,19 @@ ngx_http_spdy_state_read_data(ngx_http_spdy_connection_t *sc, u_char *pos,
stream->in_closed = 1;
if (r->headers_in.content_length_n < 0) {
r->headers_in.content_length_n = rb->rest;
} else if (r->headers_in.content_length_n != rb->rest) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client prematurely closed stream: "
"%O of %O bytes of request body received",
rb->rest, r->headers_in.content_length_n);
stream->skip_data = NGX_SPDY_DATA_ERROR;
goto error;
}
if (tf) {
ngx_memzero(buf, sizeof(ngx_buf_t));
@ -1619,10 +1632,6 @@ ngx_http_spdy_state_read_data(ngx_http_spdy_connection_t *sc, u_char *pos,
rb->buf = NULL;
}
if (r->headers_in.content_length_n < 0) {
r->headers_in.content_length_n = rb->rest;
}
if (rb->post_handler) {
r->read_event_handler = ngx_http_block_reading;
rb->post_handler(r);