Reject URLs containing white spaces

Refs #1862

Reject URLs containing white spaces
Refs #1862
3bf38ded · Dridi Boukelmoune · d63efb1a · 3bf38ded · 3bf38ded
Commit 3bf38ded authored Mar 25, 2016 by Dridi Boukelmoune
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

cache_http1_proto.c bin/varnishd/cache/cache_http1_proto.c +6 -0

r01862.vtc bin/varnishtest/tests/r01862.vtc +11 -0

No files found.
--- a/bin/varnishd/cache/cache_http1_proto.c
+++ b/bin/varnishd/cache/cache_http1_proto.c
@@ -382,6 +382,8 @@ htc_proto_ver(struct http *hp)
 		hp->protover = 10;
 	else if (!strcasecmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.1"))
 		hp->protover = 11;
+	else if (*hp->hd[HTTP_HDR_PROTO].b != '\0')
+		hp->protover = 0;
 	else
 		hp->protover = 9;
 }
@@ -410,6 +412,10 @@ HTTP1_DissectRequest(struct req *req)
 		return (retval);
 	}
 	htc_proto_ver(hp);
+	if (hp->protover == 0) {
+		VSLb(hp->vsl, SLT_Error, "Illegal URL or protocol");
+		return (400);
+	}

 	if (http_CountHdr(hp, H_Host) > 1) {
 		VSLb(hp->vsl, SLT_Error, "Duplicate Host header");

--- a/bin/varnishtest/tests/r01862.vtc
+++ b/bin/varnishtest/tests/r01862.vtc
+varnishtest "Whitespace in the request URL"
+
+server s1 "" -start
+
+varnish v1 -vcl+backend "" -start
+
+client c1 {
+	txreq -url "/foo bar"
+	rxresp
+	expect resp.status == 400
+} -run