BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found

When a non-CONNECT H1 request is parsed, the authority is compared to the host header value, to validate that they are the same. However there is an issue here when a relative path is used (not begining with a '/'). In this case, the path is considered as the authority and will be erroneously compared to the host header value. It is observable with this kind of request: GET admin HTTP/1.1 Host: www.mysite.com In this case "admin" is parsed as an authority while it is in fact a path. At this step, it is not a big deal because it just happens on the very first checks on the message during the parsing. However, the same happens when the authority is updated. This will be fixed in another commit Note this kind of request is invalid because the path does not start with a '/'. But, till now, HAProxy does not reject it. This patch is related to issue #2565. It must be backported as far as 2.4.
2025-08-05 22:56:57 +02:00 · 2024-05-14 11:42:21 +02:00 · 2024-05-14 11:42:21 +02:00 · d724b0d147
commit d724b0d147
parent 821a04377d
1 changed files with 6 additions and 2 deletions
--- a/src/h1.c
+++ b/src/h1.c
@ -1100,11 +1100,15 @@ int h1_headers_to_hdr_list(char *start, const char *stop,

 		if (!(h1m->flags & (H1_MF_HDRS_ONLY|H1_MF_RESP))) {
 			struct http_uri_parser parser = http_uri_parser_init(sl.rq.u);
-			struct ist scheme, authority;
+			struct ist scheme, authority = IST_NULL;
 			int ret;

 			scheme = http_parse_scheme(&parser);
-			authority = http_parse_authority(&parser, 1);
+			if (istlen(scheme) || sl.rq.meth == HTTP_METH_CONNECT) {
+				/* Expect an authority if for CONNECT method or if there is a scheme */
+				authority = http_parse_authority(&parser, 1);
+			}
+
 			if (sl.rq.meth == HTTP_METH_CONNECT) {
 				struct ist *host = ((host_idx != -1) ? &hdr[host_idx].v : NULL);