BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme
The target of a CONNECT request must not have a scheme. However, this was not checked during message parsing. A CONNECT request whose target has a scheme is now rejected. This patch may be backported as far as 2.4.
parent
d724b0d147
commit
d3d9d83f03
6
src/h1.c
6
src/h1.c
@ -183,11 +183,11 @@ int h1_parse_xfer_enc_header(struct h1m *h1m, struct ist value)
|
||||
* is hast header, its value is normalized. 0 is returned on success, -1 if the
|
||||
* authority is invalid and -2 if the host is invalid.
|
||||
*/
|
||||
static int h1_validate_connect_authority(struct ist authority, struct ist *host_hdr)
|
||||
static int h1_validate_connect_authority(struct ist scheme, struct ist authority, struct ist *host_hdr)
|
||||
{
|
||||
struct ist uri_host, uri_port, host, host_port;
|
||||
|
||||
if (!isttest(authority))
|
||||
if (isttest(scheme) || !isttest(authority))
|
||||
goto invalid_authority;
|
||||
uri_host = authority;
|
||||
uri_port = http_get_host_port(authority);
|
||||
@ -1112,7 +1112,7 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
|
||||
if (sl.rq.meth == HTTP_METH_CONNECT) {
|
||||
struct ist *host = ((host_idx != -1) ? &hdr[host_idx].v : NULL);
|
||||
|
||||
ret = h1_validate_connect_authority(authority, host);
|
||||
ret = h1_validate_connect_authority(scheme, authority, host);
|
||||
if (ret < 0) {
|
||||
if (h1m->err_pos < -1) {
|
||||
state = H1_MSG_LAST_LF;
|
||||
|
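Review bot: The comment above `h1_validate_connect_authority()` is not updated for the new `scheme` argument, so the documented contract still covers only the authority and the host, and it still carries the typo "hast header". I would add a line such as `* <scheme> must be unset: a CONNECT target has no scheme, so a set scheme returns -1 like an invalid authority.` and correct "hast" to "host". Because `isttest(scheme)` jumps to the same `invalid_authority` label, the caller cannot tell a scheme-bearing target from a malformed authority; that looks acceptable for rejecting the request, but the comment should say so. The comment starts above the hunk and the function body continues below it, so the return paths and how `scheme` is filled in for the caller are not visible here. A regression test that sends a CONNECT whose target carries a scheme would pin the new rejection.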