From 5f9b9c909399b51498ddabb39341416381fc06a2 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 8 Aug 2023 15:38:28 +0200 Subject: MINOR: h2: pass accept-invalid-http-request down the request parser We're adding a new argument "relaxed" to h2_make_htx_request() so that we can control its level of acceptance of certain invalid requests at the proxy level with "option accept-invalid-http-request". The goal will be to add deactivable checks that are still desirable to have by default. For now no test is subject to it. (cherry picked from commit d93a00861d714313faa0395ff9e2acb14b0a2fca) [ad: backported for following fix : BUG/MINOR: h2: reject more chars from the :path pseudo header] Signed-off-by: Amaury Denoyelle (cherry picked from commit b6be1a4f858eb6602490c192235114c1a163fef9) Signed-off-by: Amaury Denoyelle (cherry picked from commit 26fa3a285df0748fc79e73e552161268b66fb527) Signed-off-by: Amaury Denoyelle (cherry picked from commit 014945a1508f43e88ac4e89950fa9037e4fb0679) Signed-off-by: Willy Tarreau (cherry picked from commit f86e994f5fb5851cd6e4f7f6b366e37765014b9f) [wt: adjusted ctx in h2.h] Signed-off-by: Willy Tarreau (cherry picked from commit d87aeb80c45cc504274188f0e5048148f3c4f2ff) [wt: extended to h2_make_h1_request() as well for legacy mode] Signed-off-by: Willy Tarreau (cherry picked from commit f2436eab7d21bab3d85cb750023a1770411f716e) [wt: only kept the legacy mode part (h2-to-h1)] Signed-off-by: Willy Tarreau --- include/common/h2.h | 2 +- src/h2.c | 6 +++++- src/mux_h2.c | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/include/common/h2.h b/include/common/h2.h index 0cecc2d4e..ef15f3cda 100644 --- a/include/common/h2.h +++ b/include/common/h2.h @@ -180,7 +180,7 @@ enum h2_err { /* various protocol processing functions */ -int h2_make_h1_request(struct http_hdr *list, char *out, int osize, unsigned int *msgf); +int h2_make_h1_request(struct http_hdr *list, char *out, int osize, unsigned int *msgf, int relaxed); /* * Some helpful debugging functions. diff --git a/src/h2.c b/src/h2.c index 014e40212..cb40b2e1b 100644 --- a/src/h2.c +++ b/src/h2.c @@ -166,8 +166,12 @@ static int h2_prepare_h1_reqline(uint32_t fields, struct ist *phdr, char **ptr, * * The Cookie header will be reassembled at the end, and for this, the * will be used to create a linked list, so its contents may be destroyed. + * + * When is non-nul, some non-dangerous checks will be ignored. This + * is in order to satisfy "option accept-invalid-http-request" for + * interoperability purposes. */ -int h2_make_h1_request(struct http_hdr *list, char *out, int osize, unsigned int *msgf) +int h2_make_h1_request(struct http_hdr *list, char *out, int osize, unsigned int *msgf, int relaxed) { struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; char *out_end = out + osize; diff --git a/src/mux_h2.c b/src/mux_h2.c index 79e70f60b..ecd9c59f8 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -2844,7 +2844,8 @@ static int h2_frt_decode_headers(struct h2s *h2s, struct buffer *buf, int count) /* OK now we have our header list in */ msgf = (h2c->dff & H2_F_DATA_END_STREAM) ? 0 : H2_MSGF_BODY; - outlen = h2_make_h1_request(list, bi_end(buf), try, &msgf); + outlen = h2_make_h1_request(list, bi_end(buf), try, &msgf, + !!(((const struct session *)h2c->conn->owner)->fe->options2 & PR_O2_REQBUG_OK)); if (outlen < 0) { h2c_error(h2c, H2_ERR_COMPRESSION_ERROR); -- 2.35.3