[master] 55753f98b Centralize check for multiple Host: and Content-Length headers. Increment client_req_400 in more cases.

Poul-Henning Kamp phk at FreeBSD.org
Tue Oct 12 12:15:07 UTC 2021


commit 55753f98b1b392766bd4baed7eb684c006225f57
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Tue Oct 12 11:26:58 2021 +0000

    Centralize check for multiple Host: and Content-Length headers.
    Increment client_req_400 in more cases.

diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c
index 5116c8c4c..e754014e7 100644
--- a/bin/varnishd/cache/cache_req_fsm.c
+++ b/bin/varnishd/cache/cache_req_fsm.c
@@ -110,6 +110,7 @@ cnt_transport(struct worker *wrk, struct req *req)
 
 	req->doclose = http_DoConnection(req->http, SC_REQ_CLOSE);
 	if (req->doclose == SC_RX_BAD) {
+		wrk->stats->client_req_400++;
 		(void)req->transport->minimal_response(req, 400);
 		return (REQ_FSM_DONE);
 	}
@@ -927,6 +928,20 @@ cnt_recv(struct worker *wrk, struct req *req)
 
 	http_VSL_log(req->http);
 
+	if (http_CountHdr(req->http0, H_Host) > 1) {
+		VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers");
+		wrk->stats->client_req_400++;
+		(void)req->transport->minimal_response(req, 400);
+		return (REQ_FSM_DONE);
+	}
+
+	if (http_CountHdr(req->http0, H_Content_Length) > 1) {
+		VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers");
+		wrk->stats->client_req_400++;
+		(void)req->transport->minimal_response(req, 400);
+		return (REQ_FSM_DONE);
+	}
+
 	cnt_recv_prep(req, ci);
 
 	if (req->req_body_status == BS_ERROR) {
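Review bot: Neither of the two new rejection branches in cnt_recv marks the connection for close before sending the 400, unlike the SC_RX_BAD path in cnt_transport, where req->doclose is already set when the response goes out. Because the checks were moved out of HTTP1_DissectRequest, a request with two Content-Length headers now passes the HTTP/1 dissector, so its body length is ambiguous by the time it is rejected here; if the connection stays open, leftover bytes could be parsed as the next request. Unless minimal_response or the transport already closes the connection on this path (not visible in this hunk), consider adding `req->doclose = SC_RX_BAD;` before the `minimal_response` call in both branches. cnt_recv's body starts and ends outside the hunk.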
diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
index eb19825cc..f56a29b52 100644
--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -368,12 +368,6 @@ HTTP1_DissectRequest(struct http_conn *htc, struct http *hp)
 	if (hp->protover < 10 || hp->protover > 11)
 		return (400);
 
-	if (http_CountHdr(hp, H_Host) > 1)
-		return (400);
-
-	if (http_CountHdr(hp, H_Content_Length) > 1)
-		return (400);
-
 	/* RFC2616, section 5.2, point 1 */
 	if (http_scheme_at(hp->hd[HTTP_HDR_URL].b, http))
 		b = hp->hd[HTTP_HDR_URL].b + 7;
diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc
index 1b7c31235..74fad6118 100644
--- a/bin/varnishtest/tests/b00037.vtc
+++ b/bin/varnishtest/tests/b00037.vtc
@@ -8,6 +8,7 @@ client c1 {
 	expect resp.status == 400
 } -run
 
+varnish v1 -vsl_catchup
 varnish v1 -expect client_req_400 == 1
 
 client c1 {
@@ -16,4 +17,28 @@ client c1 {
 	expect resp.status == 400
 } -run
 
+varnish v1 -vsl_catchup
 varnish v1 -expect client_req_400 == 2
+
+varnish v1 -cliok "param.set feature +http2"
+
+client c2 {
+	stream 7 {
+		txreq -hdr host foo -hdr host bar
+		rxresp
+		expect resp.status == 400
+	} -run
+} -run
+
+varnish v1 -vsl_catchup
+varnish v1 -expect client_req_400 == 3
+
+client c3 {
+	stream 3 {
+		txreq -req POST -hdr content-length 12 -hdr content-length 13 -body request
+		rxrst
+	} -run
+} -run
+
+varnish v1 -vsl_catchup
+varnish v1 -expect client_req_400 == 4
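Review bot: The new cases pin only the client_req_400 counter, so the `SLT_BogoHeader` records added in cnt_recv ("Multiple Host: headers", "Multiple Content-Length: headers") are untested, and those records are what an operator would search for when these rejections appear. A logexpect around c2 and c3 would cover them, e.g. `expect * * BogoHeader "Multiple Host: headers"`. A short comment on c3 would also help, saying why the duplicate content-length case ends in `rxrst` while the duplicate host case in c2 receives a 400 response; the reason is not evident from the test itself.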

