commit a51ebb7f56b162d995154146fb1d0be369d95f8b
author Christopher Faulet <cfaulet@haproxy.com> Fri Mar 29 15:03:13 2019 +0100
committer Christopher Faulet <cfaulet@haproxy.com> Fri Apr 12 22:06:53 2019 +0200
tree e5464dd64a3c85fc3b14de0c9287e2499e378223
parent b829f4c7261779199153f19a0257332f365217b5

MEDIUM: h1: Add an option to sanitize connection headers during parsing

The flag H1_MF_CLEAN_CONN_HDR has been added to let the H1 parser sanitize
connection headers. It means it will remove all "close" and "keep-alive" values
during the parsing. One noticeable effect is that connection headers may be
unfolded. In practice, this is not a problem because it is not frequent to have
multiple values for the connection headers.

If this flag is set, during the parsing The function
h1_parse_next_connection_header() is called in a loop instead of
h1_parse_conection_header().

No need to backport this patch

src/h1.c

diff --git a/src/h1.c b/src/h1.c
index 38d13c6..d89bcb5 100644
--- a/src/h1.c
+++ b/src/h1.c
@@ -132,15 +132,20 @@
  * "keep-alive", and "upgrade" values, and updating h1m->flags according to
  * what was found there. Note that flags are only added, not removed, so the
  * function is safe for being called multiple times if multiple occurrences
- * are found.
+ * are found. If the flag H1_MF_CLEAN_CONN_HDR, the header value is cleaned
+ * up from "keep-alive" and "close" values. To do so, the header value is
+ * rewritten in place and its length is updated.
  */
-void h1_parse_connection_header(struct h1m *h1m, struct ist value)
+void h1_parse_connection_header(struct h1m *h1m, struct ist *value)
 {
-	char *e, *n;
+	char *e, *n, *p;
 	struct ist word;
 
-	word.ptr = value.ptr - 1; // -1 for next loop's pre-increment
-	e = value.ptr + value.len;
+	word.ptr = value->ptr - 1; // -1 for next loop's pre-increment
+	p = value->ptr;
+	e = value->ptr + value->len;
+	if (h1m->flags & H1_MF_CLEAN_CONN_HDR)
+		value->len = 0;
 
 	while (++word.ptr < e) {
 		/* skip leading delimitor and blanks */
@@ -154,14 +159,33 @@
 		while (word.len && HTTP_IS_LWS(word.ptr[word.len-1]))
 			word.len--;
 
-		if (isteqi(word, ist("keep-alive")))
+		if (isteqi(word, ist("keep-alive"))) {
 			h1m->flags |= H1_MF_CONN_KAL;
-		else if (isteqi(word, ist("close")))
+			if (h1m->flags & H1_MF_CLEAN_CONN_HDR)
+				goto skip_val;
+		}
+		else if (isteqi(word, ist("close"))) {
 			h1m->flags |= H1_MF_CONN_CLO;
+			if (h1m->flags & H1_MF_CLEAN_CONN_HDR)
+				goto skip_val;
+		}
 		else if (isteqi(word, ist("upgrade")))
 			h1m->flags |= H1_MF_CONN_UPG;
 
-		word.ptr = n;
+		if (h1m->flags & H1_MF_CLEAN_CONN_HDR) {
+			if (value->ptr + value->len == p) {
+				/* no rewrite done till now */
+				value->len = n - value->ptr;
+			}
+			else {
+				if (value->len)
+					value->ptr[value->len++] = ',';
+				istcat(value, word, e - value->ptr);
+			}
+		}
+
+	  skip_val:
+		word.ptr = p = n;
 	}
 }
 
@@ -802,7 +826,11 @@
 					}
 				}
 				else if (isteqi(n, ist("connection"))) {
-					h1_parse_connection_header(h1m, v);
+					h1_parse_connection_header(h1m, &v);
+					if (!v.len) {
+						/* skip it */
+						break;
+					}
 				}
 
 				http_set_hdr(&hdr[hdr_count++], n, v);