From 78265c683030bdde76b21c605066c2d3bace7085 Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Thu, 24 Oct 2024 10:25:12 +0800 Subject: [PATCH] fastcgi: check for CONTENT_LENGTH when sending requests --- modules/caddyhttp/reverseproxy/fastcgi/client.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go index 7284fe67..8cf13ea9 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go @@ -26,6 +26,7 @@ package fastcgi import ( "bufio" "bytes" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" "io" "mime/multipart" "net" @@ -136,6 +137,18 @@ type client struct { // Do made the request and returns a io.Reader that translates the data read // from fcgi responder out of fcgi packet before returning it. func (c *client) Do(p map[string]string, req io.Reader) (r io.Reader, err error) { + // check for CONTENT_LENGTH, since the lack of it or wrong value will cause the backend to hang + if clStr, ok := p["CONTENT_LENGTH"]; !ok { + return nil, caddyhttp.Error(http.StatusLengthRequired, nil) + } else { + cl, err := strconv.ParseInt(clStr, 10, 64) + // stdlib won't return a negative Content-Length, but we check just in case, + // the most likely cause is from a missing content length, which is -1 + if err != nil || cl < 0 { + return nil, caddyhttp.Error(http.StatusLengthRequired, err) + } + } + writer := &streamWriter{c: c} writer.buf = bufPool.Get().(*bytes.Buffer) writer.buf.Reset()