Mailing List Archive

[master] 8d97b6719 h2: Allow :path * for OPTIONS
commit 8d97b67195e44d6238c9b2b91f82cbbb1e8fc701
Author: Dag Haavi Finstad <daghf@varnish-software.com>
Date: Fri Mar 10 19:59:50 2023 +0100

h2: Allow :path * for OPTIONS

diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index 0efe5fa66..36570a751 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -136,8 +136,9 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
disallow_empty = 1;

// rfc7540,l,3060,3071
- if ((len > 0 && *b != '/') ||
- (len > 1 && *(b+1) == '/')) {
+ if (((len > 0 && *b != '/') ||
+ (len > 1 && *(b+1) == '/')) &&
+ (strncmp(b, "*", len) != 0)) {
VSLb(hp->vsl, SLT_BogoHeader,
"Illegal :path pseudo-header %.*s",
(int)len, b);
diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index fa50c6ec7..c1ced04b6 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -620,6 +620,13 @@ h2_end_headers(struct worker *wrk, struct h2_sess *h2,
}
AN(req->http->hd[HTTP_HDR_PROTO].b);

+ if (*req->http->hd[HTTP_HDR_URL].b == '*' &&
+ (Tlen(req->http->hd[HTTP_HDR_METHOD]) != 7 ||
+ strncmp(req->http->hd[HTTP_HDR_METHOD].b, "OPTIONS", 7))) {
+ VSLb(h2->vsl, SLT_BogoHeader, "Illegal :path pseudo-header");
+ return (H2SE_PROTOCOL_ERROR); //rfc7540,l,3068,3071
+ }
+
assert(req->req_step == R_STP_TRANSPORT);
VCL_TaskEnter(req->privs);
VCL_TaskEnter(req->top->privs);
diff --git a/bin/varnishtest/tests/a02027.vtc b/bin/varnishtest/tests/a02027.vtc
index 731f72aca..ff34b0071 100644
--- a/bin/varnishtest/tests/a02027.vtc
+++ b/bin/varnishtest/tests/a02027.vtc
@@ -27,3 +27,43 @@ client c1 {
} -run

} -run
+
+client c1 {
+ stream 3 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "*a" -hdr ":scheme" "http" -hdr ":method" "GET"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "*" -hdr ":scheme" "http" -hdr ":method" "GET"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "*" -hdr ":scheme" "http" -hdr ":method" "OPTIONS"
+ rxresp
+ expect resp.status == 200
+ } -run
+} -run
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "*" -hdr ":scheme" "http" -hdr ":method" "OPTIONs"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "*" -hdr ":scheme" "http" -hdr ":method" "OPTIONSx"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+} -run
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit