Opened 4 years ago

Closed 4 years ago

#1056 closed defect (wontfix)

Maximum Content-Length value

Reported by: davehope@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.9.x
Keywords: Cc:
uname -a: Linux FW01 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/nginx-ryOGNl/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/nginx-ryOGNl/nginx-1.6.2/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-ryOGNl/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/nginx-ryOGNl/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/nginx-ryOGNl/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module

Description

In troubleshooting an issue I'm having publishing a Microsoft SSTP service (1) via ngx_http_proxy_module it appears that nginx returns a "400 Bad Request" when the Content-Length request header is a certain size.

2016/08/20 13:55:41 [debug] 5524#0: *1 http process request line
2016/08/20 13:55:41 [debug] 5524#0: *1 http request line: "SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1"
2016/08/20 13:55:41 [debug] 5524#0: *1 http uri: "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
2016/08/20 13:55:41 [debug] 5524#0: *1 http args: ""
2016/08/20 13:55:41 [debug] 5524#0: *1 http exten: ""
2016/08/20 13:55:41 [debug] 5524#0: *1 http process request header line
2016/08/20 13:55:41 [debug] 5524#0: *1 http header: "SSTPCORRELATIONID: {D88F83A0-42C4-4835-95AA-1BC32C58C26A}"
2016/08/20 13:55:41 [debug] 5524#0: *1 http header: "Content-Length: 18446744073709551615"
2016/08/20 13:55:41 [debug] 5524#0: *1 http header: "Host: xxxx"
2016/08/20 13:55:41 [debug] 5524#0: *1 http header done
2016/08/20 13:55:41 [info] 5524#0: *1 client sent invalid "Content-Length" header while reading client request headers, client: 10.99.99.74, server: xxxx, request: "SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1", host: "xxxx"
2016/08/20 13:55:41 [debug] 5524#0: *1 http finalize request: 400, "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/?" a:1, c:1
2016/08/20 13:55:41 [debug] 5524#0: *1 event timer del: 7: 1471697801120
2016/08/20 13:55:41 [debug] 5524#0: *1 http special response: 400, "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/?"
2016/08/20 13:55:41 [debug] 5524#0: *1 http set discard body
2016/08/20 13:55:41 [debug] 5524#0: *1 xslt filter header
2016/08/20 13:55:41 [debug] 5524#0: *1 posix_memalign: 000000000137A860:4096 @16
2016/08/20 13:55:41 [debug] 5524#0: *1 HTTP/1.1 400 Bad Request
Server: nginx/1.6.2
Date: Sat, 20 Aug 2016 12:55:41 GMT
Content-Type: text/html
Content-Length: 172
Connection: close

An SSTP client will set the content-length request header to a constant size, 18446744073709551615 (corresponding to unsigned long long).

Following advise in #ngix, I've tried setting more_clear_input_headers from nginx-extras without success.

Looking at the HTTP RFC (2), it looks like a content-length value greater than or equal to 0 is a valid value.

[1] https://msdn.microsoft.com/en-us/library/cc247338.aspx
[2] https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13

Change History (1)

comment:1 by Maxim Dounin, 4 years ago

Resolution: wontfix
Status: newclosed

The error is returned as nginx is not able to parse the value provided. It uses off_t to store Content-Length, and thus can parse only up to 9223372036854775807 on most platforms. This is believed to be large enough for all real lengths.

Removing the header, even if possible, won't help, as for requests no Content-Length means no body. But even with this solved (e.g., some smaller fake value used instead), it won't be possible to use SSTP anyway, as it assumes bidirectional communication during proxying - not something nginx provides.

Correct approach nginx will be able to support is to use HTTP/1.1 Upgrade mechanism to switch the connection to a different protocol after an initial HTTP handshake, similar to what WebSockets use. Unfortunately, Microsoft decided to rely on HTTP hacks instead. This may work for them, but expectedly will have problems with reverse proxies like nginx.

If you want to proxy SSTP, consider using stream proxy module instead.

Note: See TracTickets for help on using tickets.