summaryrefslogtreecommitdiffstats
path: root/debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:35:12 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:35:12 +0000
commit89057599f4791f03c1ee5de836fbe2b5ea434aa9 (patch)
tree09ef6df146509f94541c1afe9cbd78b7f75e81e7 /debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch
parentAdding upstream version 2.6.12. (diff)
downloadhaproxy-89057599f4791f03c1ee5de836fbe2b5ea434aa9.tar.xz
haproxy-89057599f4791f03c1ee5de836fbe2b5ea434aa9.zip
Adding debian version 2.6.12-1+deb12u1.debian/2.6.12-1+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch')
-rw-r--r--debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch71
1 files changed, 71 insertions, 0 deletions
diff --git a/debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch b/debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch
new file mode 100644
index 0000000..cbc086c
--- /dev/null
+++ b/debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch
@@ -0,0 +1,71 @@
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 8 Aug 2023 17:54:26 +0200
+Subject: BUG/MINOR: h3: reject more chars from the :path pseudo header
+Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=eacaa76e7b0e4182dfd17e1e7ca8c02c1cdab72c
+
+This is the h3 version of this previous fix:
+
+ BUG/MINOR: h2: reject more chars from the :path pseudo header
+
+In addition to the current NUL/CR/LF, this will also reject all other
+control chars, the space and '#' from the :path pseudo-header, to avoid
+taking the '#' for a part of the path. It's still possible to fall back
+to the previous behavior using "option accept-invalid-http-request".
+
+Here the :path header value is scanned a second time to look for
+forbidden chars because we don't know upfront if we're dealing with a
+path header field or another one. This is no big deal anyway for now.
+
+This should be progressively backported to 2.6, along with the
+following commits it relies on (the same as for h2):
+
+ REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
+ REORG: http: move has_forbidden_char() from h2.c to http.h
+ MINOR: ist: add new function ist_find_range() to find a character range
+ MINOR: http: add new function http_path_has_forbidden_char()
+
+(cherry picked from commit 2e97857a845540887a92029a566deb5b51f61d0b)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 96dfea858edab8f1f63fa6e4df43f505b81fdad9)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 97c15782afd9c70281ff0c72971485227494cc12)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+---
+ src/h3.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/h3.c b/src/h3.c
+index b42d41647e4e..e519fb4432e7 100644
+--- a/src/h3.c
++++ b/src/h3.c
+@@ -402,6 +402,7 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
+ int hdr_idx, ret;
+ int cookie = -1, last_cookie = -1, i;
+ const char *ctl;
++ int relaxed = !!(h3c->qcc->proxy->options2 & PR_O2_REQBUG_OK);
+
+ /* RFC 9114 4.1.2. Malformed Requests and Responses
+ *
+@@ -500,6 +501,19 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
+ len = -1;
+ goto out;
+ }
++
++ if (!relaxed) {
++ /* we need to reject any control chars or '#' from the path,
++ * unless option accept-invalid-http-request is set.
++ */
++ ctl = ist_find_range(list[hdr_idx].v, 0, '#');
++ if (unlikely(ctl) && http_path_has_forbidden_char(list[hdr_idx].v, ctl)) {
++ TRACE_ERROR("forbidden character in ':path' pseudo-header", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
++ len = -1;
++ goto out;
++ }
++ }
++
+ path = list[hdr_idx].v;
+ }
+ else if (isteq(list[hdr_idx].n, ist(":scheme"))) {
+--
+2.43.0
+