[6.0] 6329cd86b http2: Filter out all connection-specific headers

Martin Blix Grydeland martin at varnish-software.com
Tue Nov 8 10:03:08 UTC 2022


commit 6329cd86ba23da1afc37eaca59467d522813145b
Author: AlveElde <alve_elde at hotmail.com>
Date:   Thu Sep 29 16:20:49 2022 +0200

    http2: Filter out all connection-specific headers
    
    Now that http_DoConnection() is used without respecting the SC_RX_BAD
    return value it should not return early when encountering a well-known
    header.

diff --git a/bin/varnishd/cache/cache_http.c b/bin/varnishd/cache/cache_http.c
index 4c1f525aa..ba7e16cfb 100644
--- a/bin/varnishd/cache/cache_http.c
+++ b/bin/varnishd/cache/cache_http.c
@@ -718,17 +718,21 @@ http_DoConnection(struct http *hp)
 	AN(h);
 	while (http_split(&h, NULL, ",", &b, &e)) {
 		u = pdiff(b, e);
-		if (u == 5 && !strncasecmp(b, "close", u))
+		if (u == 5 && retval != SC_RX_BAD &&
+		    !strncasecmp(b, "close", u))
 			retval = SC_REQ_CLOSE;
-		if (u == 10 && !strncasecmp(b, "keep-alive", u))
+		if (u == 10 && retval != SC_RX_BAD &&
+		    !strncasecmp(b, "keep-alive", u))
 			retval = SC_NULL;
 
 		/* Refuse removal of well-known-headers if they would pass. */
 /*lint -save -e506 [constant value boolean] */
 #define HTTPH(a, x, c)						\
 		if (!((c) & HTTPH_R_PASS) &&			\
-		    strlen(a) == u && !strncasecmp(a, b, u))	\
-			return (SC_RX_BAD);
+		    strlen(a) == u && !strncasecmp(a, b, u)) {	\
+			retval = SC_RX_BAD;			\
+			continue;				\
+		}
 #include "tbl/http_headers.h"
 /*lint -restore */
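Review bot: The comment above the HTTPH macro, "Refuse removal of well-known-headers if they would pass", is stale now that the macro body no longer returns. The new body sets `retval = SC_RX_BAD`, skips only the offending token with `continue`, and lets the loop go on to the remaining tokens. I would reword it to something like `/* Never remove well-known headers that would pass: record SC_RX_BAD (sticky) and keep filtering the remaining tokens. */`. That also explains why the `close` and `keep-alive` branches are guarded by `retval != SC_RX_BAD`. The function's header comment, which is outside this hunk, should presumably also say that SC_RX_BAD takes precedence over SC_REQ_CLOSE, and that the header set may already have been modified when it is returned; a caller that ignores the return value relies on exactly that. The `continue` is hidden in a macro expanded through `#include "tbl/http_headers.h"`, so the code it skips lies below the hunk and deserves a mention in the same comment.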
 
diff --git a/bin/varnishtest/tests/r03416.vtc b/bin/varnishtest/tests/r03416.vtc
index 3d7431353..9346d6841 100644
--- a/bin/varnishtest/tests/r03416.vtc
+++ b/bin/varnishtest/tests/r03416.vtc
@@ -2,15 +2,16 @@ varnishtest "Filter hop-by-hop headers out of h2 responses"
 
 server s1 {
 	rxreq
-	txresp
+	txresp -body "water"
 } -start
 
 varnish v1 -cliok "param.set feature +http2"
 varnish v1 -vcl+backend {
 	sub vcl_deliver {
 		set resp.http.Keep-Alive = "timeout=5, max=1000";
-		set resp.http.Connection = "other";
+		set resp.http.Connection = "other, Content-Length, another";
 		set resp.http.Other = "foo";
+		set resp.http.Another = "bar";
 	}
 } -start
 
@@ -21,5 +22,7 @@ client c1 {
 		expect resp.http.keep-alive == <undef>
 		expect resp.http.connection == <undef>
 		expect resp.http.other == <undef>
+		expect resp.http.another == <undef>
+		expect resp.http.Content-Length == 5
 	} -run
 } -run
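Review bot: Nothing in this test exercises the new `retval != SC_RX_BAD` guards in http_DoConnection(). The two hunks of this file show that the loop continues past a well-known name (`another` is removed, `Content-Length` survives), but only on the h2 delivery path, where the commit message says the return value is not respected. A companion case on a path that does act on the return value would pin that a later `close` or `keep-alive` token cannot clear SC_RX_BAD; a constructed example is a Connection value of `Content-Length, close`. Whether such a path is reachable from a vtc is not visible here, so treat this as a suggestion to confirm rather than a defect.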

