From 1d5e49737cf815f3a65d677c26bbf7ce56112458 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 8 Aug 2023 15:24:54 +0200 Subject: MINOR: http: add new function http_path_has_forbidden_char() As its name implies, this function checks if a path component has any forbidden headers starting at the designated location. The goal is to seek from the result of a successful ist_find_range() for more precise chars. Here we're focusing on 0x00-0x1F, 0x20 and 0x23 to make sure we're not too strict at this point. (cherry picked from commit 30f58f4217d585efeac3d85cb1b695ba53b7760b) [ad: backported for following fix : BUG/MINOR: h2: reject more chars from the :path pseudo header] Signed-off-by: Amaury Denoyelle (cherry picked from commit b491940181a88bb6c69ab2afc24b93a50adfa67c) Signed-off-by: Amaury Denoyelle (cherry picked from commit f7666e5e43ce63e804ebffdf224d92cfd3367282) Signed-off-by: Amaury Denoyelle (cherry picked from commit c699bb17b7e334c9d56e829422e29e5a204615ec) [wt: adj minor ctx in http.h] Signed-off-by: Willy Tarreau (cherry picked from commit 0f57ac20b046b70275192651d7b6c978032e6a36) [wt: adj minor ctx in http.h] Signed-off-by: Willy Tarreau (cherry picked from commit 921f79588c6180c406e88236228a5be1c5c67c55) [wt: applied to h2.c like has_forbidden_char since it will be used there] Signed-off-by: Willy Tarreau (cherry picked from commit cedfa791d1a5fd03ec6b77bfa495341af37a26c3) Signed-off-by: Willy Tarreau --- src/h2.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/h2.c b/src/h2.c index e5351d72e..014e40212 100644 --- a/src/h2.c +++ b/src/h2.c @@ -49,6 +49,26 @@ static int has_forbidden_char(const struct ist ist, const char *start) return 0; } +/* Looks into for forbidden characters for :path values (0x00..0x1F, + * 0x20, 0x23), starting at pointer which must be within . + * Returns non-zero if such a character is found, 0 otherwise. When run on + * unlikely header match, it's recommended to first check for the presence + * of control chars using ist_find_ctl(). + */ +static inline int http_path_has_forbidden_char(const struct ist ist, const char *start) +{ + do { + if ((uint8_t)*start <= 0x23) { + if ((uint8_t)*start < 0x20) + return 1; + if ((1U << ((uint8_t)*start & 0x1F)) & ((1<<3) | (1<<0))) + return 1; + } + start++; + } while (start < istend(ist)); + return 0; +} + /* Prepare the request line into <*ptr> (stopping at ) from pseudo headers * stored in . indicates what was found so far. This should be * called once at the detection of the first general header field or at the end -- 2.35.3