[master] 1d4149f H/2: Fail streams with missing :method or :path

Dag Haavi Finstad daghf at varnish-software.com
Mon Dec 18 12:51:05 UTC 2017 

commit 1d4149f26e96a866a179ab9a75907230bd9dab84
Author: Dag Haavi Finstad <daghf at varnish-software.com>
Date:   Tue Dec 12 11:23:00 2017 +0100

    H/2: Fail streams with missing :method or :path
    
    Fixes: #2351

diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index 5dd01c1..89eb620 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -536,6 +536,16 @@ h2_end_headers(struct worker *wrk, struct h2_sess *h2,
 			return (H2CE_PROTOCOL_ERROR); //rfc7540,l,1838,1840
 	}
 
+	if (req->http->hd[HTTP_HDR_METHOD].b == NULL) {
+		VSLb(h2->vsl, SLT_Debug, "Missing :method");
+		return (H2SE_PROTOCOL_ERROR); //rfc7540,l,3087,3090
+	}
+	if(req->http->hd[HTTP_HDR_URL].b == NULL) {
+		VSLb(h2->vsl, SLT_Debug, "Missing :path");
+		return (H2SE_PROTOCOL_ERROR); //rfc7540,l,3087,3090
+	}
+	AN(req->http->hd[HTTP_HDR_PROTO].b);
+
 	req->req_step = R_STP_TRANSPORT;
 	req->task.func = h2_do_req;
 	req->task.priv = req;
diff --git a/bin/varnishtest/tests/r02351.vtc b/bin/varnishtest/tests/r02351.vtc
new file mode 100644
index 0000000..d2ee19a
--- /dev/null
+++ b/bin/varnishtest/tests/r02351.vtc
@@ -0,0 +1,45 @@
+varnishtest "#2351: :path/:method error handling"
+
+server s1 {
+	rxreq
+	txresp
+} -start
+
+varnish v1 -vcl+backend {} -start
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set debug +syncvsl"
+
+client c1 {
+	# missing everything
+	stream 1 {
+		txreq -noadd
+		rxrst
+		expect rst.err == PROTOCOL_ERROR
+	} -run
+
+	# missing :path
+	stream 3 {
+		txreq -noadd -hdr ":authority" "example.com"  -hdr ":method" "GET" -hdr ":scheme" "http"
+		rxrst
+		expect rst.err == PROTOCOL_ERROR
+	} -run
+
+	# missing :method
+	stream 5 {
+		txreq -noadd -hdr ":authority" "example.com"  -hdr ":path" "/foo" -hdr ":scheme" "http"
+		rxrst
+		expect rst.err == PROTOCOL_ERROR
+	} -run
+
+	# Duplicate :path
+	stream 7 {
+		txreq -noadd -hdr ":path" "/" -hdr ":path" "/foo" -hdr ":method" "GET" -hdr ":authority" "example.com" -hdr ":scheme" "http"
+		rxrst
+		expect rst.err == PROTOCOL_ERROR
+	} -run
+} -run
+
+varnish v1 -expect MEMPOOL.req0.live == 0
+varnish v1 -expect MEMPOOL.req1.live == 0
+varnish v1 -expect MEMPOOL.sess0.live == 0
+varnish v1 -expect MEMPOOL.sess1.live == 0

More information about the varnish-commit mailing list