From f56e8465f067c84b820dbedd89e6f44f1e02c179 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Tue, 28 Sep 2021 10:56:36 +0200 Subject: [PATCH] BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" Only chunk-encoded response payloads are supported by HAProxy. All other transfer encodings are not supported and will be an issue if the HTTP compression is enabled. So be sure only "trailers" is send in TE request headers. The patch is related to the issue #1301. It must be backported to all stable versions. Be carefull for 2.0 and lower because the HTTP legacy must also be fixed. --- src/mux_fcgi.c | 9 +++++++++ src/mux_h1.c | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index 84b3aeb5d..78705bdef 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -2028,6 +2028,15 @@ static size_t fcgi_strm_send_params(struct fcgi_conn *fconn, struct fcgi_strm *f else { if (isteq(p.n, ist("host"))) params.srv_name = p.v; + else if (isteq(p.n, ist("te"))) { + /* "te" may only be sent with "trailers" if this value + * is present, otherwise it must be deleted. + */ + p.v = istist(p.v, ist("trailers")); + if (!isttest(p.v) || (p.v.len > 8 && p.v.ptr[8] != ',')) + break; + p.v = ist("trailers"); + } /* Skip header if same name is used to add the server name */ if (fconn->proxy->server_id_hdr_name && diff --git a/src/mux_h1.c b/src/mux_h1.c index a627f1985..47322cb3e 100644 --- a/src/mux_h1.c +++ b/src/mux_h1.c @@ -1974,6 +1974,15 @@ static size_t h1_process_mux(struct h1c *h1c, struct buffer *buf, size_t count) !(h1m->flags & H1_MF_RESP))) { ws_key_found = 1; } + else if (isteq(n, ist("te"))) { + /* "te" may only be sent with "trailers" if this value + * is present, otherwise it must be deleted. + */ + v = istist(v, ist("trailers")); + if (!isttest(v) || (v.len > 8 && v.ptr[8] != ',')) + goto skip_hdr; + v = ist("trailers"); + } /* Skip header if same name is used to add the server name */ if (!(h1m->flags & H1_MF_RESP) && h1c->px->server_id_hdr_name &&