Opened 3 years ago
Closed 3 years ago
#2209 closed defect (wontfix)
HTTP version 01.1 and 1.01 accepted
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.19.x |
Keywords: | | Cc: | asta12@… |
uname -a: | Linux asta 5.8.0-1032-gcp #34~20.04.1-Ubuntu SMP Wed May 19 18:19:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-KTLRnK/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module |
Description
Nginx accepts requests with the following versions
    00000000000000001.1
    1.00000000000000001
How to reproduce
Start nginx with the following config
    events {}
    http {
        server {
            location / {
                proxy_pass http://localhost:7000/;
            }
        }
    }
Start listening on port 7000 using the following command
nc -lvnp 7000
Send the following request to nginx
    GET / HTTP/00000000000001.1
    Host: example.com
    Connection: close
This can be done using the following command
echo -ne "GET / HTTP/00000000000001.1\r\nConnection: close\r\nHost: example.com\r\n\r\n" | nc localhost 80
We see that nginx forwards the following to port 7000
    GET / HTTP/1.0
    Host: localhost:7000
    Connection: close
Additional information
The following ABNF describes the syntax for the HTTP version in a request where DIGIT is a decimal from 0-9.
    HTTP-version = HTTP-name "/" DIGIT "." DIGIT
    HTTP-name    = %x48.54.54.50 ; "HTTP", case-sensitive
You can see that only one DIGIT is allowed before and one after the "."
You can read more about it here: https://datatracker.ietf.org/doc/html/rfc7230#section-2.6
Change History (3)
comment:1 by , 3 years ago
comment:3 by , 3 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Thanks for the feedback. Closing this, since there are no apparent reasons to restrict version parsing from the RFC 2616 syntax to the single-digit syntax introduced in RFC 7230.
As you can see from https://datatracker.ietf.org/doc/html/rfc7230#appendix-A.2, this is a change from RFC 2616:
Since nginx does support multi-digit versions, the existing support for parsing multi-digit versions wasn't removed. In particular, leading zeros are ignored as RFC 2616 requires. While this behaviour accepts HTTP messages not valid per RFC 7230, it is believed to be safe.
If you think that the behaviour is worth changing for reasons other than "RFC 7230 syntax says there should be one digit", you may want to provide these reasons.
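The two grammars discussed in this ticket, as an added example that is neither nginx source nor code from either participant: a C parser that accepts the RFC 2616 form (1*DIGIT "." 1*DIGIT, leading zeros ignored) and reports whether the input also satisfies the RFC 7230 single-digit form. The function names and the `VERSION_MAX` cap are assumptions of this example.

```c
/* Added example, not nginx source: RFC 2616 vs RFC 7230 HTTP-version. */
#include <stdio.h>
#include <string.h>

#define VERSION_MAX 999   /* assumed cap; also keeps v * 10 from overflowing */

/* Read 1*DIGIT at *p, folding leading zeros into the value; advance *p.
 * Returns the number of digits consumed, or -1 if none or over the cap. */
static int read_number(const char **p, unsigned *out)
{
    unsigned v = 0;
    int n = 0;
    while (**p >= '0' && **p <= '9') {
        v = v * 10 + (unsigned)(**p - '0');
        if (v > VERSION_MAX) return -1;
        (*p)++; n++;
    }
    *out = v;
    return n > 0 ? n : -1;
}

/* Returns 0 and fills maj/min when s matches the RFC 2616 grammar.
 * *strict is 1 only if s also matches RFC 7230 (one digit on each side). */
int parse_http_version(const char *s, unsigned *maj, unsigned *min, int *strict)
{
    int nmaj, nmin;
    if (strncmp(s, "HTTP/", 5) != 0) return -1;   /* name is case-sensitive */
    s += 5;
    if ((nmaj = read_number(&s, maj)) < 0) return -1;
    if (*s++ != '.') return -1;
    if ((nmin = read_number(&s, min)) < 0) return -1;
    if (*s != '\0') return -1;                    /* no trailing bytes */
    *strict = (nmaj == 1 && nmin == 1);
    return 0;
}

int main(void)
{
    /* Version strings from the ticket, plus a conforming one. */
    const char *samples[] = { "HTTP/1.1", "HTTP/00000000000001.1",
                              "HTTP/1.00000000000000001" };
    for (size_t i = 0; i < 3; i++) {
        unsigned ma, mi; int st;
        if (parse_http_version(samples[i], &ma, &mi, &st) == 0)
            printf("%-26s -> %u.%u rfc7230=%s\n", samples[i], ma, mi,
                   st ? "yes" : "no");
    }
    return 0;
}
```

The `strict` flag lets a front end log or reject requests that a lenient parser would normalize to the same version as a conforming request.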