mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-02 11:41:07 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: h1: Enforce the authority validation during H1 request parsing

Browse Source 
When a H1 request was parsed, only a light validation was performed on the
URI, mainly because there was no distinction between the different parts of
the URI. So only characters in the range [0x21, 0x7e], excluding the "#" was
allowed.

To be consistant with the H2 and H3 parser, the authority is now validated,
using http_authority_has_forbidden_char() function.

This patch should be backported as far as 2.8. For previous verions,
http_authority_has_forbidden_char() function does not exist.
This commit is contained in:
Christopher Faulet 2026-04-28 11:20:59 +02:00
parent b743b566b4
commit a46b0eec72
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/h1.c
View File

@ -1073,6 +1073,22 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
case URI_PARSER_FORMAT_ABSURI_OR_AUTHORITY:
scheme = http_parse_scheme(&parser);
authority = http_parse_authority(&parser, 1);
if (http_authority_has_forbidden_char(authority)) {
if (h1m->err_pos < -1) {
state = H1_MSG_LAST_LF;
/* WT: gcc seems to see a path where sl.rq.u.ptr was used
* uninitialized, but it doesn't know that the function is
* called with initial states making this impossible.
*/
ALREADY_CHECKED(sl.rq.u.ptr);
ptr = sl.rq.u.ptr; /* Set ptr on the error */
goto http_msg_invalid;
}
if (h1m->err_pos == -1) /* capture the error pointer */
h1m->err_pos = sl.rq.u.ptr - start + skip; /* >= 0 now */
}
if (!isttest(scheme)) { /* scheme not found: MUST be an authority */
struct ist *host = NULL;
@ -1082,7 +1098,6 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
}
if (host_idx != -1)
host = &hdr[host_idx].v;
authority = http_parse_authority(&parser, 1);
ret = h1_validate_connect_authority(scheme, authority, host);
if (ret < 0) {
if (h1m->err_pos < -1) {
@ -1109,7 +1124,6 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
if (host_idx != -1)
host = hdr[host_idx].v;
authority = http_parse_authority(&parser, 1);
/* For non-CONNECT method, the authority must match the host header value */
if (isttest(host) && !isteqi(authority, host)) {
ret = h1_validate_mismatch_authority(scheme, authority, host);