1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 8 Aug 2023 17:00:50 +0200
Subject: REORG: http: move has_forbidden_char() from h2.c to http.h
Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=4a776fd01560a8dfa7a57b30b4d5249c8da7b12c
This function is not H2 specific but rather generic to HTTP. We'll
need it in H3 soon, so let's move it to HTTP and rename it to
http_header_has_forbidden_char().
(cherry picked from commit d4069f3cee0f6e94afaec518b6373dd368073f52)
[ad: backported for next patch BUG/MAJOR: h3: reject header values
containing invalid chars]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 21c4ffd025115058994a3e2765c17fc3cee52f90)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 9c0bc4f201cf58c10706416cb4807c0f4794f8ac)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
---
include/haproxy/http.h | 18 ++++++++++++++++++
src/h2.c | 23 +++--------------------
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/include/haproxy/http.h b/include/haproxy/http.h
index f597ee4cd1dc..41eca98a1e87 100644
--- a/include/haproxy/http.h
+++ b/include/haproxy/http.h
@@ -173,6 +173,24 @@ static inline struct http_uri_parser http_uri_parser_init(const struct ist uri)
return parser;
}
+/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
+ * 0x0D), starting at pointer <start> which must be within <ist>. Returns
+ * non-zero if such a character is found, 0 otherwise. When run on unlikely
+ * header match, it's recommended to first check for the presence of control
+ * chars using ist_find_ctl().
+ */
+static inline int http_header_has_forbidden_char(const struct ist ist, const char *start)
+{
+ do {
+ if ((uint8_t)*start <= 0x0d &&
+ (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
+ return 1;
+ start++;
+ } while (start < istend(ist));
+ return 0;
+}
+
+
#endif /* _HAPROXY_HTTP_H */
/*
diff --git a/src/h2.c b/src/h2.c
index f794262ee7af..76c936783461 100644
--- a/src/h2.c
+++ b/src/h2.c
@@ -49,23 +49,6 @@ struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
[H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
};
-/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
- * 0x0D), starting at pointer <start> which must be within <ist>. Returns
- * non-zero if such a character is found, 0 otherwise. When run on unlikely
- * header match, it's recommended to first check for the presence of control
- * chars using ist_find_ctl().
- */
-static int has_forbidden_char(const struct ist ist, const char *start)
-{
- do {
- if ((uint8_t)*start <= 0x0d &&
- (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
- return 1;
- start++;
- } while (start < istend(ist));
- return 0;
-}
-
/* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
* <fields> indicates what was found so far. This should be called once at the
* detection of the first general header field or at the end of the request if
@@ -353,7 +336,7 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms
* rejecting NUL, CR and LF characters.
*/
ctl = ist_find_ctl(list[idx].v);
- if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
+ if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
goto fail;
if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
@@ -638,7 +621,7 @@ int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *m
* rejecting NUL, CR and LF characters.
*/
ctl = ist_find_ctl(list[idx].v);
- if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
+ if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
goto fail;
if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
@@ -797,7 +780,7 @@ int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
* rejecting NUL, CR and LF characters.
*/
ctl = ist_find_ctl(list[idx].v);
- if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
+ if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
goto fail;
if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
--
2.43.0
|