StreamRequestBody shouldn't read more data than actual need.

[newacorn]

The StreamRequestBody feature on the server side should not read content that does not belong to the current request body.This is more logical and consistent with the result of not using the StreamRequestBody feature.
Fixes: #1816.
The reason for addressing this issue is that the Read method of requestStream assumes it should only read up to the Content-Length number of bytes.

[newacorn]

fasthttp/http.go

Line 2286 in 1fb3453

if contentLength >= 0 && maxBodySize >= contentLength {

Here, contentLength is guaranteed to be greater than or equal to 0 because the ContinueReadBodyStream function has already filtered out cases where contentLength is less than 0. It is assumed that a negative Content-Length value other than -1 should not be processed：

fasthttp/http.go

Line 1372 in 1fb3453

if contentLength == -2 {

Below code will also handle cases where maxBodySize is less than contentLength.

fasthttp/http.go

Line 2295 in 1fb3453

if contentLength > maxBodySize {

[erikdubbelboer]

Thanks, the fix looks good. But the new file needs to be formatted. And http.go needs some more newlines:

  http.go:2287: line is 147 characters (lll)
  		A fixed-length pre-read function should be used here; otherwise, it may read content beyond the request body into areas outside of the br buffer.
  http.go:2288: line is 160 characters (lll)
  	        This could affect the handling of the next request in the br buffer, if there is one. The original two branches can be handled with this single branch.

[newacorn]

@erikdubbelboer May I ask what tools you use to lint the fasthttp codebase?

[erikdubbelboer]

@newacorn you can see that here:

fasthttp/.github/workflows/lint.yml

Lines 26 to 28 in 38a91cd

	uses: golangci/golangci-lint-action@v6
	with:
	version: v1.56.2

[erikdubbelboer]

Thanks!