Bläddra i källkod

Server must not send "400 Bad Request" if the client times out without sending anything

If the client connects to the server, but does not send a single byte, the server
should just close the connection after a timeout without sending a 400 Bad Request
reply. This is also the case for keep-alive connections (see issue #82).
bel 10 år sedan
förälder
incheckning
e157e10f1a
1 ändrade filer med 8 tillägg och 2 borttagningar
  1. 8 2
      src/civetweb.c

+ 8 - 2
src/civetweb.c

@@ -7360,8 +7360,14 @@ static int getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len, int *
         *err = 413;
         return 0;
     } else if (conn->request_len <= 0) {
-        snprintf(ebuf, ebuf_len, "%s", "Client sent malformed request");
-        *err = 400;
+        if (conn->data_len>0) {
+            snprintf(ebuf, ebuf_len, "%s", "Client sent malformed request");
+            *err = 400;
+        } else {
+            /* Server did not send anything -> just close the connection */
+            conn->must_close = 1;
+            *err = 0;
+        }
         return 0;
     } else if (parse_http_message(conn->buf, conn->buf_size,
                                   &conn->request_info) <= 0) {