Project

General

Profile

Activity

From 2026-07-09 to 2026-07-15

Today

TO 05:39 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
I tested the referenced patches against the scenario I reported and can confirm that they fully resolve the issue. Thank you very much for the fix. tomas.paukrt
GS 03:52 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
Fixed in lighttpd git master branch and will be included in a future lighttpd release.
You'll need two commits minimum if you cherry-pick: commit commit:2ff754cc0ea3768bf5c5536262bc76a294070702 and commit commit:7c7fd6819eded98a2c20b4b6e...
gstrauss
GS 03:45 Lighttpd Bug #3316 (Fixed): CGI error-handler is aborted when handling error code 413
Applied in changeset commit:7c7fd6819eded98a2c20b4b6e17e73d4c278d1a1. gstrauss
GS 03:33 Lighttpd Revision 7c7fd681: [h2] fix custom error handler w/ req body (fixes #3316)
fix custom error handler when client is actively uploading request body
x-ref:
"CGI error-handler is aborted when handling error code 413"
https://redmine.lighttpd.net/issues/3316
gstrauss
GS 00:41 Lighttpd Revision 66e0f824: [h2] adjust data accounting higher in h2_recv_data
gstrauss

2026-07-14

GS 13:31 Lighttpd Revision 2ff754cc: [h2] remote window size comments and update
gstrauss

2026-07-12

GS 21:29 Lighttpd Bug #3316 (New): CGI error-handler is aborted when handling error code 413
Summary:
We have established that there is a bug in lighttpd HTTP/2 handling of HTTP status >= 4xx *with a custom error handler* when the client is still in the process of uploading a request body.
The request stream might be reset e...
gstrauss
TO 20:52 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
You're right. I should have clarified that I only performed the version comparison after submitting the bug report. Initially, I had only confirmed the issue with 1.4.85. Thank you for pointing that out and for taking the time to look in... tomas.paukrt
GS 19:28 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
>> Did this scenario ever work for your with lighttpd?
> ...
This information would have been much more useful and wasted less time were it posted in your original bug report.
Kindly review "How to get support":https://redmine.ligh...
gstrauss
TO 19:17 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
> Did this scenario ever work for your with lighttpd?
No. I tested several versions starting with 1.4.75 and the issue occurs with all of them.
> ...
I built lighttpd 1.4.85 for x86_64.
tomas.paukrt
GS 09:20 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
When content-length is provided in the request, lighttpd detects the 413 condition early. @http_response_call_error_handler()@ resets @r->reqbody_length = 0@ since the error handler does not receive a request body.
@src/h2.c:h2_recv_da...
gstrauss
GS 08:34 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
I can reproduce this if I increase the size of the upload file passed to curl.
> There is code in lighttpd src/h2.c to detect a client sending too much data, and if that is the case, lighttpd may classify it as an attack and will rese...
gstrauss
GS 08:12 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
Did this scenario ever work for your with lighttpd? Which version of lighttpd did this work on? What version of lighttpd are you running on the Ubuntu 18? (Ubuntu 18 was released in 2018. It's very old. In 2018, lighttpd did not sup... gstrauss
TO 07:35 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
I'm also able to reproduce this issue on Ubuntu 18 using the same @lighttpd.conf@ and @error.cgi@ (@module.cgi@ is not even necessary, since this CGI script is never executed when the request payload is too large).
Build and run:
tomas.paukrt
GS 07:22 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
@http_response_call_error_handler()@ calls http_response_errdoc_init() which calls http_response_body_clear() which sets @r->resp_body_finished = 0@, so that recent change in lighttpd 1.4.83 might not be related to this issue.
For oth...
gstrauss
GS 06:48 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
I tested again with both the request and the error handler being @.cgi@, similar to your test case above, and it still works for me on x86_64.
request to foo.cgi:
gstrauss
TO 05:41 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
Environment:
* Hardware platform: ARMv7
* lighttpd version: 1.4.85
* OpenSSL version: 3.5.7
* Linux kernel version: 6.18.36
* Clients: Google Chrome, curl
I'm able to reproduce the issue with the following minimal @lighttpd.conf@:
tomas.paukrt
GS 05:02 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
Also continues to work as intended when I add @server.stream-response-body = 1@ to my test lighttpd.conf. gstrauss
GS 05:00 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
Things continue to work as intended for me if I modify @err.cgi@ to flush output and to pause, taking time to send the body. Still works fine for me. gstrauss
GS 04:57 Lighttpd Bug #3316 (Need Feedback): CGI error-handler is aborted when handling error code 413
Unable to reproduce. Please provide more details. See "How to get support":https://redmine.lighttpd.net/boards/2/topics/5
You have not provided the version of lighttpd you are running, your platform, or any other details which might h...
gstrauss
AV 04:50 Lighttpd Bug #3316: CGI error-handler is aborted when handling error code 413
What's your lighttpd version? avij
TO 04:22 Lighttpd Bug #3316 (Fixed): CGI error-handler is aborted when handling error code 413
When a request is sent over *HTTP/2*, exceeds @server.max-request-size@ and @server.error-handler@ is configured to use a CGI script, the error handler cannot generate the custom error response. The CGI script is started, but receives @S... tomas.paukrt

2026-07-09

GS 13:15 Lighttpd Revision 78624eb2: [lemon] build w/ Visual Studio
gstrauss
GS 03:40 Lighttpd Revision 39c8389e: [build] packdist.sh adjust wiki template
gstrauss
GS 02:41 Lighttpd Release: lighttpd 1.4.85
[[Release-1_4_85|lighttpd 1.4.85 release notes]] gstrauss
GS 02:40 Lighttpd Revision 0cc9e7c1: - next is 1.4.86
gstrauss
GS 02:27 Lighttpd Revision 4852959e: [doc] NEWS
gstrauss
 

Also available in: Atom