Diffstat (limited to 'debian/patches/REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch')
-rw-r--r-- | debian/patches/REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/debian/patches/REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch b/debian/patches/REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch
new file mode 100644
index 0000000..5bf1eef
--- /dev/null
+++ b/debian/patches/REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch
@@ -0,0 +1,109 @@
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 8 Aug 2023 17:00:50 +0200
+Subject: REORG: http: move has_forbidden_char() from h2.c to http.h
+Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=4a776fd01560a8dfa7a57b30b4d5249c8da7b12c
+
+This function is not H2 specific but rather generic to HTTP. We'll
+need it in H3 soon, so let's move it to HTTP and rename it to
+http_header_has_forbidden_char().
+
+(cherry picked from commit d4069f3cee0f6e94afaec518b6373dd368073f52)
+ [ad: backported for next patch BUG/MAJOR: h3: reject header values
+ containing invalid chars]
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 21c4ffd025115058994a3e2765c17fc3cee52f90)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 9c0bc4f201cf58c10706416cb4807c0f4794f8ac)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+---
+ include/haproxy/http.h | 18 ++++++++++++++++++
+ src/h2.c | 23 +++--------------------
+ 2 files changed, 21 insertions(+), 20 deletions(-)
+
+diff --git a/include/haproxy/http.h b/include/haproxy/http.h
+index f597ee4cd1dc..41eca98a1e87 100644
+--- a/include/haproxy/http.h
++++ b/include/haproxy/http.h
+@@ -173,6 +173,24 @@ static inline struct http_uri_parser http_uri_parser_init(const struct ist uri)
+ return parser;
+ }
+
++/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
++ * 0x0D), starting at pointer <start> which must be within <ist>. Returns
++ * non-zero if such a character is found, 0 otherwise. When run on unlikely
++ * header match, it's recommended to first check for the presence of control
++ * chars using ist_find_ctl().
++ */
++static inline int http_header_has_forbidden_char(const struct ist ist, const char *start)
++{
++ do {
++ if ((uint8_t)*start <= 0x0d &&
++ (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
++ return 1;
++ start++;
++ } while (start < istend(ist));
++ return 0;
++}
++
++
+ #endif /* _HAPROXY_HTTP_H */
+
+ /*
+diff --git a/src/h2.c b/src/h2.c
+index f794262ee7af..76c936783461 100644
+--- a/src/h2.c
++++ b/src/h2.c
+@@ -49,23 +49,6 @@ struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
+ [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
+ };
+
+-/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
+- * 0x0D), starting at pointer <start> which must be within <ist>. Returns
+- * non-zero if such a character is found, 0 otherwise. When run on unlikely
+- * header match, it's recommended to first check for the presence of control
+- * chars using ist_find_ctl().
+- */
+-static int has_forbidden_char(const struct ist ist, const char *start)
+-{
+- do {
+- if ((uint8_t)*start <= 0x0d &&
+- (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
+- return 1;
+- start++;
+- } while (start < istend(ist));
+- return 0;
+-}
+-
+ /* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
+ * <fields> indicates what was found so far. This should be called once at the
+ * detection of the first general header field or at the end of the request if
+@@ -353,7 +336,7 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms
+ * rejecting NUL, CR and LF characters.
+ */
+ ctl = ist_find_ctl(list[idx].v);
+- if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
++ if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
+ goto fail;
+
+ if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
+@@ -638,7 +621,7 @@ int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *m
+ * rejecting NUL, CR and LF characters.
+ */
+ ctl = ist_find_ctl(list[idx].v);
+- if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
++ if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
+ goto fail;
+
+ if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
+@@ -797,7 +780,7 @@ int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
+ * rejecting NUL, CR and LF characters.
+ */
+ ctl = ist_find_ctl(list[idx].v);
+- if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
++ if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
+ goto fail;
+
+ if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
+--
+2.43.0
+ |
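Review bot: In `http_header_has_forbidden_char()` as it lands in include/haproxy/http.h, the `do { ... } while (start < istend(ist));` loop reads `*start` before any bounds comparison, so the NUL/CR/LF rejection is only memory-safe while every caller honours the "<start> must be within <ist>" precondition. The three h2.c call sites shown do, since they pass the result of `ist_find_ctl()` only after checking it is non-NULL. As a `static inline` in a shared header it is now open to new callers (the message mentions H3), where a NULL or end-of-string `start` would be dereferenced. Either restructure it as `while (start < istend(ist)) { ... start++; }` or extend the comment with `<start> must be non-NULL and strictly below istend(<ist>); the first byte is read unconditionally`. The mask would also be cleaner fully unsigned, `((1U<<13) | (1U<<10) | (1U<<0))`, to match the `1U <<` on its left-hand side.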