[6.0] 6329cd86b http2: Filter out all connection-specific headers
Martin Blix Grydeland
martin at varnish-software.com
Tue Nov 8 10:03:08 UTC 2022
commit 6329cd86ba23da1afc37eaca59467d522813145b
Author: AlveElde <alve_elde at hotmail.com>
Date: Thu Sep 29 16:20:49 2022 +0200
http2: Filter out all connection-specific headers
Now that http_DoConnection() is used without respecting the SC_RX_BAD
return value it should not return early when encountering a well-known
header.
diff --git a/bin/varnishd/cache/cache_http.c b/bin/varnishd/cache/cache_http.c
index 4c1f525aa..ba7e16cfb 100644
--- a/bin/varnishd/cache/cache_http.c
+++ b/bin/varnishd/cache/cache_http.c
@@ -718,17 +718,21 @@ http_DoConnection(struct http *hp)
AN(h);
while (http_split(&h, NULL, ",", &b, &e)) {
u = pdiff(b, e);
- if (u == 5 && !strncasecmp(b, "close", u))
+ if (u == 5 && retval != SC_RX_BAD &&
+ !strncasecmp(b, "close", u))
retval = SC_REQ_CLOSE;
- if (u == 10 && !strncasecmp(b, "keep-alive", u))
+ if (u == 10 && retval != SC_RX_BAD &&
+ !strncasecmp(b, "keep-alive", u))
retval = SC_NULL;
/* Refuse removal of well-known-headers if they would pass. */
/*lint -save -e506 [constant value boolean] */
#define HTTPH(a, x, c) \
if (!((c) & HTTPH_R_PASS) && \
- strlen(a) == u && !strncasecmp(a, b, u)) \
- return (SC_RX_BAD);
+ strlen(a) == u && !strncasecmp(a, b, u)) { \
+ retval = SC_RX_BAD; \
+ continue; \
+ }
#include "tbl/http_headers.h"
/*lint -restore */
diff --git a/bin/varnishtest/tests/r03416.vtc b/bin/varnishtest/tests/r03416.vtc
index 3d7431353..9346d6841 100644
--- a/bin/varnishtest/tests/r03416.vtc
+++ b/bin/varnishtest/tests/r03416.vtc
@@ -2,15 +2,16 @@ varnishtest "Filter hop-by-hop headers out of h2 responses"
server s1 {
rxreq
- txresp
+ txresp -body "water"
} -start
varnish v1 -cliok "param.set feature +http2"
varnish v1 -vcl+backend {
sub vcl_deliver {
set resp.http.Keep-Alive = "timeout=5, max=1000";
- set resp.http.Connection = "other";
+ set resp.http.Connection = "other, Content-Length, another";
set resp.http.Other = "foo";
+ set resp.http.Another = "bar";
}
} -start
@@ -21,5 +22,7 @@ client c1 {
expect resp.http.keep-alive == <undef>
expect resp.http.connection == <undef>
expect resp.http.other == <undef>
+ expect resp.http.another == <undef>
+ expect resp.http.Content-Length == 5
} -run
} -run
More information about the varnish-commit
mailing list