mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 07:07:04 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: h3: Declare absolute URI as normalized when a :authority is found

Browse Source 
Since commit 2c3d656f8 ("MEDIUM: h3: use absolute URI form with
:authority"), the absolute URI form is used when a ':authority'
pseudo-header is found. However, this URI was not declared as normalized
internally.  So, when the request is reformated to be sent to an h1 server,
the absolute-form is used instead of the origin-form. It is unexpected and
may be an issue for some servers that could reject the request.

So, now, we take care to set HTX_SL_F_HAS_AUTHORITY flag on the HTX message
when an authority was found and HTX_SL_F_NORMALIZED_URI flag is set for
"http" or "https" schemes.

No backport needed because the commit above must not be backported. It
should fix a regression reported on the 3.2-dev17 in issue #2977.

This commit depends on "BUG/MINOR: h3: Set HTX flags corresponding to the
scheme found in the request".
This commit is contained in:
Christopher Faulet 2025-05-26 11:20:24 +02:00
parent da9792cca8
commit e70c23e517
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/h3.c
View File

@ -777,6 +777,7 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
if (!istlen(scheme)) {
/* No scheme (CONNECT), use :authority only. */
uri = authority;
flags |= HTX_SL_F_HAS_AUTHORITY;
}
else if (isttest(authority)) {
/* Use absolute URI form as :authority is present. */
@ -785,6 +786,20 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
istcat(&uri, authority, trash.size);
if (!isteq(path, ist("*")))
istcat(&uri, path, trash.size);
flags |= HTX_SL_F_HAS_AUTHORITY;
if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
/* we don't know if it was originally an absolute or a
* relative request because newer versions of HTTP use
* the absolute URI format by default, which we call
* the normalized URI format internally. This is the
* strongly recommended way of sending a request for
* a regular client, so we cannot distinguish this
* from a request intended for a proxy. For other
* schemes however there is no doubt.
*/
flags |= HTX_SL_F_NORMALIZED_URI;
}
}
else {
/* Use origin URI form. */