From 44f02d26f05a953ff28be02b74340cb767cab731 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 31 Jan 2024 15:04:11 +0100 Subject: [PATCH] BUG/MINOR: h1-htx: properly initialize the err_pos field Trailers are parsed using a temporary h1m struct, likely due to using distinct h1 parser states. However, the err_pos field that's used to decide whether or not to enfore option accept-invalid-http-request (or response) was not initialized in this struct, resulting in using a random value that may randomly accept or reject a few bad chars. The impact is very limited in trailers (e.g. no message size is transmitted there) but we must make sure that the option is respected, at least for users facing the need for this option there. The issue was introduced in 2.0 by commit 2d7c5395ed ("MEDIUM: htx: Add the parsing of trailers of chunked messages"), and the code moved from mux_h1.c to h1_htx.c in 2.1 with commit 4f0f88a9d0 ("MEDIUM: mux-h1/h1-htx: move HTX convertion of H1 messages in dedicated file") so the patch needs to be backported to all stable versions, and the file adjusted for 2.0. --- src/h1_htx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/h1_htx.c b/src/h1_htx.c index aed1714aff..f4f13fc129 100644 --- a/src/h1_htx.c +++ b/src/h1_htx.c @@ -900,6 +900,7 @@ int h1_parse_msg_tlrs(struct h1m *h1m, struct htx *dsthtx, b_slow_realign_ofs(srcbuf, trash.area, 0); tlr_h1m.flags = (H1_MF_NO_PHDR|H1_MF_HDRS_ONLY); + tlr_h1m.err_pos = h1m->err_pos; ret = h1_headers_to_hdr_list(b_peek(srcbuf, ofs), b_tail(srcbuf), hdrs, sizeof(hdrs)/sizeof(hdrs[0]), &tlr_h1m, NULL); if (ret <= 0) {