RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols 

This patch hardens the verification of the HTTP/1.x version line
(i.e. the first line within an HTTP/1.x request) to verify that
the protocol name within the version actually reads "HTTP".

Previously protocols that superficially resembled the wire-format
of HTTP/1.x and having a 4-letter acronym as the protocol name, such
as RTSP would pass this check.

This patch fixes GitHub issue #540, it must be backported to all
supported versions. The legacy, non-HTX parser is affected as well,
a fix must be created for it as well.

Note that such protocols can still be used when option
accept-invalid-http-request is set.
This commit is contained in:
Tim Duesterhus 2020-03-10 00:55:40 +01:00 committed by Willy Tarreau
parent 2cb3be76bf
commit 8f4116ea65
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/h1_htx.c
View File

@ -57,7 +57,7 @@ static int h1_process_req_vsn(struct h1m *h1m, union h1_sl *sl)
if (sl->rq.v.len != 8)
return 0;
if (*(sl->rq.v.ptr + 4) != '/' ||
if (!istnmatch(sl->rq.v, ist("HTTP/"), 5) ||
!isdigit((unsigned char)*(sl->rq.v.ptr + 5)) ||
*(sl->rq.v.ptr + 6) != '.' ||
!isdigit((unsigned char)*(sl->rq.v.ptr + 7)))