nghttpx: Return 413 if request header is too large

For now, if request has request body, we'll issue RST_STREAM to inform
the peer to stop sending body.  RST_STREAM may be sent before error
page header or data, so peer may receive RST_STREAM only.
This commit is contained in:
Tatsuhiro Tsujikawa 2014-06-27 22:53:54 +09:00
parent ca87b45fe4
commit 303f0f3fcd
1 changed files with 14 additions and 1 deletions

View File

@ -212,12 +212,21 @@ int on_header_callback(nghttp2_session *session,
return 0; return 0;
} }
if(downstream->get_request_headers_sum() > Downstream::MAX_HEADERS_SUM) { if(downstream->get_request_headers_sum() > Downstream::MAX_HEADERS_SUM) {
if(downstream->get_response_state() == Downstream::MSG_COMPLETE) {
return 0;
}
if(LOG_ENABLED(INFO)) { if(LOG_ENABLED(INFO)) {
ULOG(INFO, upstream) << "Too large header block size=" ULOG(INFO, upstream) << "Too large header block size="
<< downstream->get_request_headers_sum(); << downstream->get_request_headers_sum();
} }
if(upstream->error_reply(downstream, 413) != 0) {
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
} }
return 0;
}
if(!http2::check_nv(name, namelen, value, valuelen)) { if(!http2::check_nv(name, namelen, value, valuelen)) {
return 0; return 0;
} }
@ -267,6 +276,10 @@ int on_request_headers(Http2Upstream *upstream,
{ {
int rv; int rv;
if(downstream->get_response_state() == Downstream::MSG_COMPLETE) {
return 0;
}
downstream->normalize_request_headers(); downstream->normalize_request_headers();
auto& nva = downstream->get_request_headers(); auto& nva = downstream->get_request_headers();