[master] 84ad0a7 Be a bit less Postel-y about http header charactersets.
Poul-Henning Kamp
phk at FreeBSD.org
Tue Jun 5 07:45:17 UTC 2018
commit 84ad0a7236a43c5b6fef2a7be37901b230fc8999
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Tue Jun 5 07:43:55 2018 +0000
Be a bit less Postel-y about http header charactersets.
diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
index ad44218..9d1c072 100644
--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -116,7 +116,7 @@ static uint16_t
http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
unsigned maxhdr)
{
- char *q, *r;
+ char *q, *r, *s;
assert(p > htc->rxbuf_b);
assert(p <= htc->rxbuf_e);
@@ -188,7 +188,14 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
q--;
*q = '\0';
- if (strchr(p, ':') == NULL) {
+ for (s = p; *s != ':' && s < q; s++) {
+ if (!vct_istchar(*s)) {
+ VSLb(hp->vsl, SLT_BogoHeader,
+ "Illegal char 0x%02x in header name", *s);
+ return (400);
+ }
+ }
+ if (*s != ':') {
VSLb(hp->vsl, SLT_BogoHeader, "Header without ':' %.*s",
(int)(q - p > 20 ? 20 : q - p), p);
return (400);
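Review bot: The diagnostic added at `VSLb(hp->vsl, SLT_BogoHeader, "Illegal char 0x%02x in header name", *s);` passes a plain `char` to `%02x`; where `char` is signed, a byte at or above 0x80 is promoted to a negative int and is logged as `0xffffff80` rather than `0x80`, which is exactly the non-ASCII input this new check is meant to report. Passing `(unsigned char)*s` keeps the log line accurate. Separately, a line that begins with ':' reaches the `if (*s != ':')` test with `s == p`, so an empty field name passes without any tchar check; if that should be rejected, a `if (s == p)` check returning 400 before that test would do it. The loop condition `*s != ':' && s < q` reads `*s` before the bounds test, which is safe only because `*q = '\0'` was just written; `s < q && *s != ':'` makes that independence explicit. http1_dissect_hdrs continues outside the hunk.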
@@ -204,18 +211,6 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
(int)(q - p > 20 ? 20 : q - p), p);
return (400);
}
-
- for (; p < q; p++) {
- if (vct_islws(*p)) {
- VSLb(hp->vsl, SLT_BogoHeader,
- "Space in header '%.*s'",
- (int)Tlen(hp->hd[hp->nhd - 1]),
- hp->hd[hp->nhd - 1].b);
- return (400);
- }
- if (*p == ':')
- break;
- }
}
if (p < htc->rxbuf_e)
p += vct_skipcrlf(p);
diff --git a/bin/varnishtest/tests/b00049.vtc b/bin/varnishtest/tests/b00049.vtc
index 7d2e289..af3cac7 100644
--- a/bin/varnishtest/tests/b00049.vtc
+++ b/bin/varnishtest/tests/b00049.vtc
@@ -7,6 +7,11 @@ server s1 {
varnish v1 -vcl+backend { } -start
+logexpect l1 -v v1 -g raw {
+ expect * 1004 BogoHeader "Illegal char 0x20 in header name"
+ expect * 1006 BogoHeader "Illegal char 0x2f in header name"
+} -start
+
client c1 {
send "GET / HTTP/1.1\r\n"
send "Host: foo\r\n"
@@ -30,3 +35,14 @@ client c1 {
rxresp
expect resp.status == 400
} -run
+
+client c1 {
+ send "GET / HTTP/1.1\r\n"
+ send "Host: foo\r\n"
+ send "Accept/Encoding: gzip\r\n"
+ send "\r\n"
+ rxresp
+ expect resp.status == 400
+} -run
+
+logexpect l1 -wait
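Review bot: The new client only sends an ASCII `/` in the field name (`send "Accept/Encoding: gzip\r\n"`), so neither hunk of this file exercises the other inputs the new check is meant to handle: a byte at or above 0x80 in the name, or a line whose name is empty (`send ": foo\r\n"`). Adding a client with a high-bit byte, and a matching `expect * ... BogoHeader "Illegal char 0x.. in header name"` entry in the logexpect, would also pin the hex formatting of the log line for non-ASCII input.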