Activity
From 2026-07-09 to 2026-07-15
Today
- TO 05:39 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- I tested the referenced patches against the scenario I reported and can confirm that they fully resolve the issue. Thank you very much for the fix.
- GS 03:52 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- Fixed in lighttpd git master branch and will be included in a future lighttpd release.
You'll need two commits minimum if you cherry-pick: commit commit:2ff754cc0ea3768bf5c5536262bc76a294070702 and commit commit:7c7fd6819eded98a2c20b4b6e... - GS 03:45 Lighttpd Bug #3316 (Fixed): CGI error-handler is aborted when handling error code 413
- Applied in changeset commit:7c7fd6819eded98a2c20b4b6e17e73d4c278d1a1.
- GS 03:33 Lighttpd Revision 7c7fd681: [h2] fix custom error handler w/ req body (fixes #3316)
- fix custom error handler when client is actively uploading request body
x-ref:
"CGI error-handler is aborted when handling error code 413"
https://redmine.lighttpd.net/issues/3316 - GS 00:41 Lighttpd Revision 66e0f824: [h2] adjust data accounting higher in h2_recv_data
2026-07-14
- GS 13:31 Lighttpd Revision 2ff754cc: [h2] remote window size comments and update
2026-07-12
- GS 21:29 Lighttpd Bug #3316 (New): CGI error-handler is aborted when handling error code 413
- Summary:
We have established that there is a bug in lighttpd HTTP/2 handling of HTTP status >= 4xx *with a custom error handler* when the client is still in the process of uploading a request body.
The request stream might be reset e... - TO 20:52 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- You're right. I should have clarified that I only performed the version comparison after submitting the bug report. Initially, I had only confirmed the issue with 1.4.85. Thank you for pointing that out and for taking the time to look in...
- GS 19:28 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- >> Did this scenario ever work for your with lighttpd?
> ...
This information would have been much more useful and wasted less time were it posted in your original bug report.
Kindly review "How to get support":https://redmine.ligh... - TO 19:17 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- > Did this scenario ever work for your with lighttpd?
No. I tested several versions starting with 1.4.75 and the issue occurs with all of them.
> ...
I built lighttpd 1.4.85 for x86_64. - GS 09:20 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- When content-length is provided in the request, lighttpd detects the 413 condition early. @http_response_call_error_handler()@ resets @r->reqbody_length = 0@ since the error handler does not receive a request body.
@src/h2.c:h2_recv_da... - GS 08:34 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- I can reproduce this if I increase the size of the upload file passed to curl.
> There is code in lighttpd src/h2.c to detect a client sending too much data, and if that is the case, lighttpd may classify it as an attack and will rese... - GS 08:12 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- Did this scenario ever work for your with lighttpd? Which version of lighttpd did this work on? What version of lighttpd are you running on the Ubuntu 18? (Ubuntu 18 was released in 2018. It's very old. In 2018, lighttpd did not sup...
- TO 07:35 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- I'm also able to reproduce this issue on Ubuntu 18 using the same @lighttpd.conf@ and @error.cgi@ (@module.cgi@ is not even necessary, since this CGI script is never executed when the request payload is too large).
Build and run: - GS 07:22 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- @http_response_call_error_handler()@ calls http_response_errdoc_init() which calls http_response_body_clear() which sets @r->resp_body_finished = 0@, so that recent change in lighttpd 1.4.83 might not be related to this issue.
For oth... - GS 06:48 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- I tested again with both the request and the error handler being @.cgi@, similar to your test case above, and it still works for me on x86_64.
request to foo.cgi: - TO 05:41 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- Environment:
* Hardware platform: ARMv7
* lighttpd version: 1.4.85
* OpenSSL version: 3.5.7
* Linux kernel version: 6.18.36
* Clients: Google Chrome, curl
I'm able to reproduce the issue with the following minimal @lighttpd.conf@: - GS 05:02 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- Also continues to work as intended when I add @server.stream-response-body = 1@ to my test lighttpd.conf.
- GS 05:00 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- Things continue to work as intended for me if I modify @err.cgi@ to flush output and to pause, taking time to send the body. Still works fine for me.
- GS 04:57 Lighttpd Bug #3316 (Need Feedback): CGI error-handler is aborted when handling error code 413
- Unable to reproduce. Please provide more details. See "How to get support":https://redmine.lighttpd.net/boards/2/topics/5
You have not provided the version of lighttpd you are running, your platform, or any other details which might h... - AV 04:50 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
- What's your lighttpd version?
- TO 04:22 Lighttpd Bug #3316 (Fixed): CGI error-handler is aborted when handling error code 413
- When a request is sent over *HTTP/2*, exceeds @server.max-request-size@ and @server.error-handler@ is configured to use a CGI script, the error handler cannot generate the custom error response. The CGI script is started, but receives @S...
2026-07-09
- GS 13:15 Lighttpd Revision 78624eb2: [lemon] build w/ Visual Studio
- GS 03:40 Lighttpd Revision 39c8389e: [build] packdist.sh adjust wiki template
- GS 02:41 Lighttpd Release: lighttpd 1.4.85
- [[Release-1_4_85|lighttpd 1.4.85 release notes]]
- GS 02:40 Lighttpd Revision 0cc9e7c1: - next is 1.4.86
- GS 02:27 Lighttpd Revision 4852959e: [doc] NEWS