[6.2] 34717183b Be stricter on final [CR]LF parsing in http1_dissect_hdrs

[Martin Blix Grydeland]

commit 34717183beda3803e3d54c9826a1a9f026ca2505
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date:   Thu Aug 15 11:19:41 2019 +0200

    Be stricter on final [CR]LF parsing in http1_dissect_hdrs
    
    The end of http1_dissect_hdrs ends with skipping over the final [CR]LF
    that marks then end of the headers. Currently that skip is optional, that
    is, it is skipped if it was present.
    
    This patch adds an assert if the final [CR]LF is not found when finishing
    the parsing. HTTP1_Complete guarantees that it is there, if not we would
    not have started parsing the request or response in the first place, and
    if it is missing, there must be an error in the parsing leading up to it.

diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
index 53d542196..7f34e19be 100644
--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -111,6 +111,7 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
     unsigned maxhdr)
 {
 	char *q, *r, *s;
+	int i;
 
 	assert(p > htc->rxbuf_b);
 	assert(p <= htc->rxbuf_e);
@@ -200,11 +201,9 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
 			return (400);
 		}
 	}
-	/* We cannot use vct_skipcrlf() we have to respect rxbuf_e */
-	if (p+2 <= htc->rxbuf_e && p[0] == '\r' && p[1] == '\n')
-		p += 2;
-	else if (p+1 <= htc->rxbuf_e && p[0] == '\n')
-		p += 1;
+	i = vct_iscrlf(p, htc->rxbuf_e);
+	assert(i > 0);		/* HTTP1_Complete guarantees this */
+	p += i;
 	HTC_RxPipeline(htc, p);
 	htc->rxbuf_e = p;
 	return (0);