Skip to content

Return 413 when POST body exceeds post_copy_size during request buffering #12817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
brbzull0 wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Return 413 when POST body exceeds post_copy_size during request buffering #12817

brbzull0 wants to merge 1 commit into from
+184 −6

Conversation

@brbzull0
Copy link
Contributor

@brbzull0 brbzull0 commented Jan 16, 2026
edited
Loading

While fixing another issue I came across the following crash:

Fatal: /users/me/git/trafficserver/src/proxy/http/HttpSM.cc:6017: failed assertion `_ua.get_entry()->vc == _ua.get_txn()`
NOTE: using the environment variable TS_RUNROOT
[Jan 15 11:05:27.273] traffic_crashlo NOTE: crashlog started, target=223449, debug=false syslog=true, uid=1000 euid=1000
[Jan 15 11:05:27.273] traffic_crashlo NOTE: logging to 0x7674e0
[Jan 15 11:05:27.465] traffic_crashlo ERROR: wrote crash log to /tmp/_snbx-tcl/post-body-too-large-413/ts/log/crash-2026-01-15-110527.log
traffic_server: received signal 6 (Aborted)
traffic_server - STACK TRACE: 
/tmp/_snbx-tcl/post-body-too-large-413/ts/bin/traffic_server(_Z19crash_logger_invokeiP9siginfo_tPv+0xce)[0x90db1d]
/lib64/libc.so.6(+0x3e9a0)[0x7f760085c9a0]
/lib64/libc.so.6(+0x90834)[0x7f76008ae834]
/lib64/libc.so.6(raise+0x1e)[0x7f760085c8ee]
/lib64/libc.so.6(abort+0xdf)[0x7f76008448ff]

and it happens when a request body exceeded proxy.config.http.post_copy_size during buffering, as the above ATS would crash or maybe(couldn't get this) return incorrect error responses (403??).

So, after some(heavy) back and forth with Claude(AI) we came across this fix.

My main question here is, does it make sense to try to respond 413 in this case as earlier as possible?

Summary

This PR fixes the handling of oversized POST request bodies when proxy.config.http.request_buffer_enabled is true.

Problem

When request buffering is enabled, ATS buffers the POST body . If the body exceeds post_copy_size:

  • Chunked requests: ATS would trigger VC_EVENT_ERROR in the tunnel, causing state corruption and either a crash (_ua.get_entry()->vc == _ua.get_txn() assertion) or a 403 Forbidden response.
  • Requests with Content-Length: The size wasn't checked upfront, so ATS would start buffering only to fail mid-stream.
  • Requests with Expect: 100-continue: ATS would send "100 Continue" before checking the body size, causing clients to transmit oversized bodies that would ultimately be rejected—wasting bandwidth.

Solution

For requests with known Content-Length:

  • Check Content-Length against post_copy_size upfront in HttpTransact::HandleRequest()
  • For Expect: 100-continue requests, check before sending "100 Continue" in state_read_client_request_header()

For chunked requests (size unknown upfront):

  • Detect overflow during buffering in HttpTunnel
  • Set request_body_too_large flag and use HTTP_TUNNEL_EVENT_PRECOMPLETE for graceful tunnel completion
  • HttpSM::tunnel_handler_post() checks the flag and calls HttpTransact::PostBodyTooLarge() to send 413

NOTE: I've changed post_slow_server.test.py so it runs in CI, it does ok locally, but just in case. I will be removing it after it runs.

@brbzull0
Return 413 for POST bodies exceeding post_copy_size during request bu…
be17b0d 
…ffering

When request_buffer_enabled is true and a POST/PUT body exceeds
post_copy_size, ATS now properly returns 413 Content Too Large instead
of crashing or returning incorrect error responses.

This change addresses two scenarios:

1. Requests with known Content-Length:
   - Check Content-Length against post_copy_size upfront in HandleRequest()
   - For requests with "Expect: 100-continue", perform the check BEFORE
     sending "100 Continue" to avoid wasting bandwidth on bodies that
     will be rejected

2. Chunked transfer encoding requests:
   - Since body size is unknown upfront, detect overflow during buffering
   - Set request_body_too_large flag and use HTTP_TUNNEL_EVENT_PRECOMPLETE
     for graceful tunnel completion
   - HttpSM checks the flag and calls PostBodyTooLarge to send 413
@brbzull0
Copy link
Contributor Author

brbzull0 commented Jan 16, 2026
edited
Loading

filter_body test seems to be failing. Invetigating. fine now.

@brbzull0
Copy link
Contributor Author

brbzull0 commented Jan 16, 2026

[approve ci autest 0]

@brbzull0 brbzull0 self-assigned this Jan 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@brbzull0 brbzull0

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brbzull0