RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-16 08:24:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

MEDIUM: h1: consider err_pos before deciding to accept a header name or not

Browse Source 
Till now the H1 parser made for H2 used to be lenient on invalid header
field names because they were supposed to be produced by haproxy. Now
instead we'll rely on err_pos to know how to act (ie: -2 == must block).
This commit is contained in:
Willy Tarreau 2018-09-12 09:20:40 +02:00
parent 9b8cd1f183
commit 9aec30557b
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/h1.c
View File

@ -864,16 +864,15 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, H1_MSG_HDR_L1_SP); EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, H1_MSG_HDR_L1_SP);
} }
if (HTTP_IS_LWS(*ptr)) { if (likely(h1m->err_pos < -1) || *ptr == '\n') {
state = H1_MSG_HDR_NAME; state = H1_MSG_HDR_NAME;
goto http_msg_invalid; goto http_msg_invalid;
} }
/* now we have a non-token character in the header field name, if (h1m->err_pos == -1) /* capture the error pointer */
* it's up to the H1 layer to have decided whether or not it h1m->err_pos = ptr - start + skip; /* >= 0 now */
* was acceptable. If we find it here, it was considered
* acceptable due to configuration rules so we obey. /* and we still accept this non-token character */
*/
EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, H1_MSG_HDR_NAME); EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, H1_MSG_HDR_NAME);
case H1_MSG_HDR_L1_SP: case H1_MSG_HDR_L1_SP: