[6.0] 3eb7a0458 Be stricter on final [CR]LF parsing in http1_dissect_hdrs

[Martin Blix Grydeland]

commit 3eb7a04587d235bec5a312d3eae652abd8a63a14
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date:   Thu Aug 15 11:19:41 2019 +0200

    Be stricter on final [CR]LF parsing in http1_dissect_hdrs
    
    The end of http1_dissect_hdrs ends with skipping over the final [CR]LF
    that marks then end of the headers. Currently that skip is optional, that
    is, it is skipped if it was present.
    
    This patch adds an assert if the final [CR]LF is not found when finishing
    the parsing. HTTP1_Complete guarantees that it is there, if not we would
    not have started parsing the request or response in the first place, and
    if it is missing, there must be an error in the parsing leading up to it.

diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
index e55555bf1..e5203a94e 100644
--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -111,6 +111,7 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
     unsigned maxhdr)
 {
 	char *q, *r, *s;
+	int i;
 
 	assert(p > htc->rxbuf_b);
 	assert(p <= htc->rxbuf_e);
@@ -206,11 +207,9 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
 			return (400);
 		}
 	}
-	/* We cannot use vct_skipcrlf() we have to respect rxbuf_e */
-	if (p+2 <= htc->rxbuf_e && p[0] == '\r' && p[1] == '\n')
-		p += 2;
-	else if (p+1 <= htc->rxbuf_e && p[0] == '\n')
-		p += 1;
+	i = vct_iscrlf(p, htc->rxbuf_e);
+	assert(i > 0);		/* HTTP1_Complete guarantees this */
+	p += i;
 	HTC_RxPipeline(htc, p);
 	htc->rxbuf_e = p;
 	return (0);