requestbody: Return HTTP 413 (fix #4558)

modules/caddyhttp/errors.go

@@ -82,6 +82,9 @@ func (e HandlerError) Error() string {
 	return strings.TrimSpace(s)
 }
 
+// Unwrap returns the underlying error value. See the `errors` package for info.
+func (e HandlerError) Unwrap() error { return e.Err }
+
 // randString returns a string of n random characters.
 // It is not even remotely secure OR a proper distribution.
 // But it's good enough for some things. It excludes certain

modules/caddyhttp/replacer.go

@@ -162,12 +162,8 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo
 				// read the request body into a buffer (can't pool because we
 				// don't know its lifetime and would have to make a copy anyway)
 				buf := new(bytes.Buffer)
-				_, err := io.Copy(buf, req.Body)
+				_, _ = io.Copy(buf, req.Body) // can't handle error, so just ignore it
-				if err != nil {
+				req.Body = io.NopCloser(buf)  // replace real body with buffered data
-					return "", true
-				}
-				// replace real body with buffered data
-				req.Body = io.NopCloser(buf)
 				return buf.String(), true
 
 				// original request, before any internal changes

modules/caddyhttp/requestbody/requestbody.go

@@ -15,6 +15,7 @@
 package requestbody
 
 import (
+	"io"
 	"net/http"
 
 	"github.com/caddyserver/caddy/v2"
@@ -28,6 +29,7 @@ func init() {
 // RequestBody is a middleware for manipulating the request body.
 type RequestBody struct {
 	// The maximum number of bytes to allow reading from the body by a later handler.
+	// If more bytes are read, an error with HTTP status 413 is returned.
 	MaxSize int64 `json:"max_size,omitempty"`
 }
 
@@ -44,10 +46,24 @@ func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next cad
 		return next.ServeHTTP(w, r)
 	}
 	if rb.MaxSize > 0 {
-		r.Body = http.MaxBytesReader(w, r.Body, rb.MaxSize)
+		r.Body = errorWrapper{http.MaxBytesReader(w, r.Body, rb.MaxSize)}
 	}
 	return next.ServeHTTP(w, r)
 }
 
+// errorWrapper wraps errors that are returned from Read()
+// so that they can be associated with a proper status code.
+type errorWrapper struct {
+	io.ReadCloser
+}
+
+func (ew errorWrapper) Read(p []byte) (n int, err error) {
+	n, err = ew.ReadCloser.Read(p)
+	if err != nil && err.Error() == "http: request body too large" {
+		err = caddyhttp.Error(http.StatusRequestEntityTooLarge, err)
+	}
+	return
+}
+
 // Interface guard
 var _ caddyhttp.MiddlewareHandler = (*RequestBody)(nil)

modules/caddyhttp/server.go

@@ -17,6 +17,7 @@ package caddyhttp
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net"
 	"net/http"
@@ -600,7 +601,8 @@ func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter
 // If err is a HandlerError, the returned values will
 // have richer information.
 func errLogValues(err error) (status int, msg string, fields []zapcore.Field) {
-	if handlerErr, ok := err.(HandlerError); ok {
+	var handlerErr HandlerError
+	if errors.As(err, &handlerErr) {
 		status = handlerErr.StatusCode
 		if handlerErr.Err == nil {
 			msg = err.Error()