Opened 6 weeks ago

Closed 6 weeks ago

#2066 closed defect (invalid)

When proxying 204 responses with a Transfer-Encoding body, the body is not decoded but the header is dropped

Reported by: arthur.darcet@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.19.x
Keywords: proxy Cc:
uname -a: Linux nginx-ingress-controller-lgckg 5.3.0-1036-gke #38-Ubuntu SMP Sun Sep 6 05:59:13 UTC 2020 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.15.10
built by gcc 8.3.0 (Debian 8.3.0-5)
built with OpenSSL 1.1.1b 26 Feb 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/etc/nginx/modules --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_sub_module --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-http_secure_link_module --with-http_gunzip_module --with-file-aio --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-cc-opt='-g -Og -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-deprecated-declarations -fno-strict-aliasing -D_FORTIFY_SOURCE=2 --param=ssp-buffer-size=4 -DTCP_FASTOPEN=23 -fPIC -I/root/.hunter/_Base/2c5c6fc/1daf6c5/92161a9/Install/include -Wno-cast-function-type -m64 -mtune=native' --with-ld-opt='-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now -L/root/.hunter/_Base/2c5c6fc/1daf6c5/92161a9/Install/lib' --user=www-data --group=www-data --add-module=/tmp/build/ngx_devel_kit-0.3.1rc1 --add-module=/tmp/build/set-misc-nginx-module-0.32 --add-module=/tmp/build/headers-more-nginx-module-0.33 --add-module=/tmp/build/nginx-http-auth-digest-274490cec649e7300fea97fed13d84e596bbc0ce --add-module=/tmp/build/ngx_http_substitutions_filter_module-bc58cb11844bc42735bbaef7085ea86ace46d05b --add-module=/tmp/build/lua-nginx-module-fd90f4e8252e9d06419317fdf525b55c65e15a50 --add-module=/tmp/build/stream-lua-nginx-module-0.0.6rc5 --add-module=/tmp/build/lua-upstream-nginx-module-0.07 --add-module=/tmp/build/nginx-influxdb-module-0e2cb6cbf850a29c81e44be9e33d9a15d45c50e8 --add-dynamic-module=/tmp/build/nginx-opentracing-0.8.0/opentracing --add-dynamic-module=/tmp/build/ModSecurity-nginx-fc061a57a8b0abda79b17cbe103d78db803fa575 --add-dynamic-module=/tmp/build/ngx_http_geoip2_module-3.2 --add-module=/tmp/build/nginx_ajp_module-bf6cd93f2098b59260de8d494f0f4b1f11a84627 --add-module=/tmp/build/ngx_brotli

Description

While proxying from Server to Client through an nginx proxy_pass,

if Server returns this response :

HTTP/1.1 204 No Content
Transfer-Encoding: chunked

0

it is forwarded to the client as

HTTP/1.1 204 No Content

0

--

The problem is that the Transfer-Encoding header is stripped, but the body is not decoded at all.

I'm not an HTTP specialist, and I'm not exactly sure whether or not the initial 204 response with an "empty but chunked" body is valid ; however the response returned by nginx eventually is definitely invalid and makes some client crash (most notably the standard Node library will crash on this 204 with body response)

Change History (1)

comment:1 by Maxim Dounin, 6 weeks ago

Resolution: invalid
Status: newclosed

The original upstream server response is certainly is invalid: there should be no body in 204 responses, see RFC 7230:

All 1xx (Informational), 204 (No Content), and 304 (Not Modified)
responses do not include a message body.

So it is basically a 204 response with a meaningless Transfer-Encoding: chunked, followed by a garbage 0. The response as returned by nginx in your tests is similarly invalid, as the garbage data are forwarded to the client.

In nginx 1.19.1 and newer, the garbage data will be discarded, and an appropriate warning will be logged to the error log. If you prefer this behaviour, consider upgrading.

Note well that regardless of what nginx does with the response, the upstream server in question returns an invalid response and needs to be fixed.

Note: See TracTickets for help on using tickets.