mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-04-18 12:14:56 +02:00
Code Issues Projects Releases Wiki Activity
haproxy/src
History
Tim Duesterhus 8f4116ea65 BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols 
This patch hardens the verification of the HTTP/1.x version line
(i.e. the first line within an HTTP/1.x request) to verify that
the protocol name within the version actually reads "HTTP".

Previously protocols that superficially resembled the wire-format
of HTTP/1.x and having a 4-letter acronym as the protocol name, such
as RTSP would pass this check.

This patch fixes GitHub issue #540, it must be backported to all
supported versions. The legacy, non-HTX parser is affected as well,
a fix must be created for it as well.

Note that such protocols can still be used when option
accept-invalid-http-request is set.
2022-05-24 15:38:05 +02:00
..
acl.c
MINOR: acl: alphanumerically sort the ACL dump
2022-03-30 11:49:59 +02:00
action.c
BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
2022-04-25 15:28:21 +02:00
activity.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
applet.c
MINOR: conn-stream/applet: Stop setting appctx as the endpoint context
2022-05-17 16:13:22 +02:00
arg.c
auth.c
backend.c
CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint
2022-05-13 14:28:48 +02:00
base64.c
cache.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
calltrace.c
BUILD: calltrace: fix wrong include when building with TRACE=1
2022-04-19 08:23:30 +02:00
cbuf.c
CLEANUP: tree-wide: remove a few rare non-ASCII chars
2022-03-04 08:58:32 +01:00
cfgcond.c
MINOR: ssl: Add ssllib_name_startswith precondition
2021-10-13 11:28:08 +02:00
cfgdiag.c
cfgparse-global.c
MINOR: config: Add "cluster-secret" new global keyword
2022-05-12 17:48:35 +02:00
cfgparse-listen.c
MINOR: config: use the new bind_parse_args_list() to parse a "bind" line
2022-05-20 18:39:43 +02:00
cfgparse-quic.c
CLEANUP: listener: replace bind_conf->quic_force_retry with BC_O_QUIC_FORCE_RETRY
2022-05-20 18:41:51 +02:00
cfgparse-ssl.c
MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known
2022-05-20 18:41:55 +02:00
cfgparse-tcp.c
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
2022-04-26 10:59:48 +02:00
cfgparse-unix.c
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
2022-04-26 10:59:48 +02:00
cfgparse.c
MINOR: listener: automatically select a QUIC mux with a QUIC transport
2022-05-20 18:41:55 +02:00
channel.c
CLEANUP: tree-wide: Remove any ref to stream-interfaces
2022-04-13 15:10:16 +02:00
check.c
MEDIUM: check: Use the CS to handle subscriptions for read/write events
2022-05-19 10:12:38 +02:00
chunk.c
CLEANUP: chunks: release trash also in deinit
2022-04-27 17:55:41 +02:00
cli.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
clock.c
compression.c
CLEANUP: compression: move the default setting of maxzlibmem to defaults
2022-04-25 19:42:43 +02:00
conn_stream.c
MEDIUM: check: Use the CS to handle subscriptions for read/write events
2022-05-19 10:12:38 +02:00
connection.c
MINOR: connection: add flag MX_FL_FRAMED to mark muxes relying on framed xprt
2022-05-20 18:41:55 +02:00
cpuset.c
BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN
2022-01-28 19:04:02 +01:00
debug.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
dgram.c
dict.c
dns.c
MINOR: applet: Add API to start applet on a thread subset
2022-05-17 16:13:22 +02:00
dynbuf.c
eb32sctree.c
eb32tree.c
eb64tree.c
ebimtree.c
ebistree.c
ebmbtree.c
ebpttree.c
ebsttree.c
ebtree.c
errors.c
CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli
2022-05-06 18:13:36 +02:00
ev_epoll.c
BUILD: pollers: use an initcall to register the pollers
2022-04-25 19:00:55 +02:00
ev_evports.c
BUILD: pollers: use an initcall to register the pollers
2022-04-25 19:00:55 +02:00
ev_kqueue.c
BUILD: pollers: use an initcall to register the pollers
2022-04-25 19:00:55 +02:00
ev_poll.c
BUILD: pollers: use an initcall to register the pollers
2022-04-25 19:00:55 +02:00
ev_select.c
BUILD: pollers: use an initcall to register the pollers
2022-04-25 19:00:55 +02:00
extcheck.c
MINOR: ext-check: indicate the transport and protocol of a server
2022-05-13 16:06:29 +02:00
fcgi-app.c
MEDIUM: http-ana: Add a proxy option to restrict chars in request header names
2022-05-16 16:00:26 +02:00
fcgi.c
CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes
2022-03-21 08:30:47 +01:00
fd.c
BUILD: fd: disguise the fd_set_nonblock/cloexec result
2022-04-27 10:52:21 +02:00
filters.c
CLEANUP: tree-wide: Remove any ref to stream-interfaces
2022-04-13 15:10:16 +02:00
fix.c
flt_http_comp.c
BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
2022-04-15 16:22:33 +02:00
flt_spoe.c
BUG/MINOR: spoe: Fix error handling in spoe_init_appctx()
2022-05-18 09:04:53 +02:00
flt_trace.c
CLEANUP: Apply ist.cocci
2021-11-08 12:08:26 +01:00
freq_ctr.c
frontend.c
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
2022-04-26 10:59:48 +02:00
h1_htx.c
BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols
2022-05-24 15:38:05 +02:00
h1.c
CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes
2022-03-21 08:30:47 +01:00
h2.c
CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes
2022-03-21 08:30:47 +01:00
h3.c
MINOR: mux-quic: implement MAX_STREAM_DATA emission
2022-05-18 16:25:07 +02:00
haproxy.c
CLEANUP: init: address a coverity warning about possible multiply overflow
2022-05-24 07:46:00 +02:00
hash.c
hlua_fcn.c
CLEANUP: Add missing header to hlua_fcn.c
2022-05-17 11:40:33 +02:00
hlua.c
MINOR: applet: Add API to start applet on a thread subset
2022-05-17 16:13:22 +02:00
hpack-dec.c
BUILD/DEBUG: hpack: use unsigned int in printf format in debug code
2022-04-12 08:40:38 +02:00
hpack-enc.c
hpack-huff.c
OPTIM: hpack: read 32 bits at once when possible.
2022-04-01 17:29:06 +02:00
hpack-tbl.c
BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code
2022-04-12 08:30:08 +02:00
hq_interop.c
MINOR: mux-quic: implement MAX_STREAM_DATA emission
2022-05-18 16:25:07 +02:00
http_acl.c
http_act.c
BUG/MINOR: http-act: make release_http_redir() more robust
2022-04-25 16:09:26 +02:00
http_ana.c
CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id()
2022-05-18 07:19:01 +02:00
http_client.c
CLEANUP: httpclient: Remove useless test on ss_dst in httpclient_applet_init()
2022-05-18 09:29:33 +02:00
http_conv.c
BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
2022-04-08 10:12:59 +02:00
http_fetch.c
CLEANUP: tree-wide: Remove any ref to stream-interfaces
2022-04-13 15:10:16 +02:00
http_htx.c
CLEANUP: Destroy http_err_chunks members during deinit
2022-04-26 23:39:43 +02:00
http_rules.c
BUILD: http: remove the two unused constructors in rules and ana
2022-04-25 19:26:26 +02:00
http.c
htx.c
BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
2022-02-28 17:16:55 +01:00
init.c
MINOR: init: add the pre-check callback
2022-04-22 15:45:47 +02:00
jwt.c
BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
2022-02-15 20:08:20 +01:00
lb_chash.c
lb_fas.c
lb_fwlc.c
lb_fwrr.c
lb_map.c
listener.c
MINOR: listener: automatically enable SSL if a QUIC transport is found
2022-05-20 18:41:55 +02:00
log.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
lru.c
BUILD/DEBUG: lru: fix printf format in debug code
2022-04-12 08:19:33 +02:00
mailers.c
BUG/MINOR: mailers: negotiate SMTP, not ESMTP
2022-02-17 15:45:59 +01:00
map.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
mjson.c
mqtt.c
MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
2022-03-22 09:25:52 +01:00
mux_fcgi.c
CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint
2022-05-13 14:28:48 +02:00
mux_h1.c
CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp()
2022-05-13 14:28:48 +02:00
mux_h2.c
CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp()
2022-05-13 14:28:48 +02:00
mux_pt.c
CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp()
2022-05-13 14:28:48 +02:00
mux_quic.c
Revert "MINOR: mux-quic: activate qmux traces on stdout via macro"
2022-05-23 11:06:42 +02:00
mworker-prog.c
BUILD: mworker: include tools.h for platforms without unsetenv()
2022-01-28 19:04:02 +01:00
mworker.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
namespace.c
ncbuf.c
MINOR: ncbuf: refactor ncb_advance()
2022-05-18 15:30:13 +02:00
pattern.c
payload.c
REORG: conn_stream: move conn-stream stuff in dedicated files
2022-02-24 11:00:02 +01:00
peers.c
CLEANUP: peers: Remove unreachable code in peer_session_create()
2022-05-18 09:04:53 +02:00
pipe.c
pool.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
proto_quic.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
proto_sockpair.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
proto_tcp.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
proto_udp.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
proto_uxdg.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
proto_uxst.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
protocol.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
proxy.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
qpack-dec.c
MEDIUM: mux-quic/h3/qpack: use ncbuf for uni streams
2022-05-13 17:29:49 +02:00
qpack-enc.c
MINOR: h3/qpack: fix gcc11 warnings
2021-11-08 08:59:30 +01:00
qpack-tbl.c
CLEANUP: tree-wide: remove a few rare non-ASCII chars
2022-03-04 08:58:32 +01:00
queue.c
MEDIUM: stream: remove the confusing SF_ADDR_SET flag
2022-05-02 16:56:01 +02:00
quic_cc_newreno.c
CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct
2022-03-04 17:47:32 +01:00
quic_cc.c
CLEANUP: tree-wide: remove a few rare non-ASCII chars
2022-03-04 08:58:32 +01:00
quic_frame.c
CLEANUP: quic: wrong use of eb*entry() macro
2022-05-12 17:48:35 +02:00
quic_loss.c
BUG/MINOR: quic: Missing time threshold multiplifier for loss delay computation
2022-04-29 16:46:56 +02:00
quic_sock.c
MINOR: quic: Move quic_lstnr_dgram_dispatch() out of xprt_quic.c
2022-05-20 16:57:12 +02:00
quic_stats.c
MINOR: quic_stats: Add a new stats module for QUIC
2022-05-20 17:11:13 +02:00
quic_stream.c
CLEANUP: quic: wrong use of eb*entry() macro
2022-05-12 17:48:35 +02:00
quic_tls.c
MINOR: quic_tls: Add quic_tls_decrypt2() implementation
2022-05-20 16:57:12 +02:00
raw_sock.c
MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN
2022-04-25 20:32:15 +02:00
regex.c
resolvers.c
MINOR: protocol: replace ctrl_type with xprt_type and clarify it
2022-05-20 18:39:43 +02:00
ring.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
sample.c
MEDIUM: backend: add new "balance hash <expr>" algorithm
2022-04-25 16:09:26 +02:00
server_state.c
BUILD: server-state: avoid using not-so-portable isblank()
2022-01-28 19:04:02 +01:00
server.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
session.c
BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
2022-03-11 07:25:11 +01:00
sha1.c
shctx.c
MINOR: shctx: add a few BUG_ON() for consistency checks
2021-11-19 19:25:13 +01:00
signal.c
sink.c
MINOR: applet: Add API to start applet on a thread subset
2022-05-17 16:13:22 +02:00
slz.c
IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
2021-12-06 09:14:20 +01:00
sock_inet.c
CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec()
2022-04-26 10:59:48 +02:00
sock_unix.c
CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec()
2022-04-26 10:59:48 +02:00
sock.c
MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags
2022-05-02 17:47:46 +02:00
ssl_ckch.c
BUG/MINOR: ssl: Fix crash when no private key is found in pem
2022-05-17 15:51:41 +02:00
ssl_crtlist.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
ssl_sample.c
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
2022-04-26 10:59:48 +02:00
ssl_sock.c
CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS
2022-05-20 18:39:43 +02:00
ssl_utils.c
CLEANUP: Add missing header to ssl_utils.c
2022-05-17 11:40:33 +02:00
stats.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
stick_table.c
CLEANUP: applet: remove the unneeded appctx->owner
2022-05-13 14:28:48 +02:00
stream.c
CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id()
2022-05-18 07:19:01 +02:00
task.c
BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
2022-02-14 20:10:43 +01:00
tcp_act.c
BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port]
2022-05-06 17:02:15 +02:00
tcp_rules.c
CLEANUP: tree-wide: Remove any ref to stream-interfaces
2022-04-13 15:10:16 +02:00
tcp_sample.c
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
2022-04-26 10:59:48 +02:00
tcpcheck.c
MEDIUM: check: Use the CS to handle subscriptions for read/write events
2022-05-19 10:12:38 +02:00
thread.c
CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
2022-04-26 10:59:48 +02:00
time.c
tools.c
CLEANUP: tools: Crash if inet_ntop fails due to ENOSPC in sa2str
2022-05-23 09:39:32 +02:00
trace.c
BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
2022-03-18 17:43:28 +01:00
uri_auth.c
uri_normalizer.c
vars.c
CLEANUP: vars: move the per-process variables initialization to vars.c
2022-02-23 17:11:33 +01:00
version.c
wdt.c
BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized
2022-05-13 11:28:08 +02:00
xprt_handshake.c
BUILD: xprt: use an initcall to register the transport layers
2022-04-25 19:18:24 +02:00
xprt_quic.c
Revert "MINOR: quic: activate QUIC traces at compilation"
2022-05-23 11:06:42 +02:00