Pingora: return 400 (not 500) on malformed request bodies#138
Closed
MDA2AV wants to merge 1 commit into
Closed
Conversation
The probe app read the POST body with `session.read_request_body().await?`; on malformed chunk framing Pingora's body reader errors, the ? propagated out of request_filter, and Pingora emitted its default 500 — failing 17 chunk/TE smuggling+malformed tests that expect 400 or close. Now the read loop catches the error and returns a clean 400. Pingora was already detecting the bad framing; this just surfaces it as a client error.
|
Http11Probe — Compliance Comparison
✅ Baseline PassedCompliance
Smuggling
Malformed Input
Header Normalization
Commit: fb39592 |
Owner
Author
|
Closing per the same principle as #139: this imposed a 400 where Pingora natively emits a 500 on a body-read error. The probe measures what a framework does when someone uses it, so we keep Pingora's native 500 rather than translate it to 400. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Problem
The Pingora probe app reads the POST body with
session.read_request_body().await?. On malformed chunk framing, Pingora's body reader returns anErr, the?propagates out ofrequest_filter, and Pingora emits its default 500 — failing 17 chunk/TE tests (SMUG-CHUNK-NEGATIVE,-HEX-PREFIX,-MISSING-TRAILING-CRLF,MAL-CHUNK-SIZE-OVERFLOW,SMUG-TE-CASE-MISMATCH, …) that expect400or close.Fix
The read loop now catches the error and returns a clean 400. Pingora was already rejecting the bad framing — this just surfaces it as a client error instead of a server error.
Note: this only addresses the
500s. The separate ~47200failures are Pingora's lenient parsing + the fact that it's a proxy being scored as a bare origin (request_filtershort-circuits,upstream_peerisunreachable!()), which is a deeper modeling question left as-is.Engine/server change → re-probes Pingora.