Centralize check for multiple Host: and Content-Length headers.

Increment client_req_400 in more cases.

Centralize check for multiple Host: and Content-Length headers.
Increment client_req_400 in more cases.
55753f98 · Poul-Henning Kamp · 266ce5fb · 55753f98 · 55753f98 · 55753f98
Commit 55753f98 authored Oct 12, 2021 by Poul-Henning Kamp
Showing with 40 additions and 6 deletions

cache_req_fsm.c bin/varnishd/cache/cache_req_fsm.c +15 -0

cache_http1_proto.c bin/varnishd/http1/cache_http1_proto.c +0 -6

b00037.vtc bin/varnishtest/tests/b00037.vtc +25 -0

No files found.
--- a/bin/varnishd/cache/cache_req_fsm.c
+++ b/bin/varnishd/cache/cache_req_fsm.c
@@ -110,6 +110,7 @@ cnt_transport(struct worker *wrk, struct req *req)

 	req->doclose = http_DoConnection(req->http, SC_REQ_CLOSE);
 	if (req->doclose == SC_RX_BAD) {
+		wrk->stats->client_req_400++;
 		(void)req->transport->minimal_response(req, 400);
 		return (REQ_FSM_DONE);
 	}
@@ -927,6 +928,20 @@ cnt_recv(struct worker *wrk, struct req *req)

 	http_VSL_log(req->http);

+	if (http_CountHdr(req->http0, H_Host) > 1) {
+		VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers");
+		wrk->stats->client_req_400++;
+		(void)req->transport->minimal_response(req, 400);
+		return (REQ_FSM_DONE);
+	}
+
+	if (http_CountHdr(req->http0, H_Content_Length) > 1) {
+		VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers");
+		wrk->stats->client_req_400++;
+		(void)req->transport->minimal_response(req, 400);
+		return (REQ_FSM_DONE);
+	}
+
 	cnt_recv_prep(req, ci);

 	if (req->req_body_status == BS_ERROR) {

--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -368,12 +368,6 @@ HTTP1_DissectRequest(struct http_conn *htc, struct http *hp)
 	if (hp->protover < 10 || hp->protover > 11)
 		return (400);

-	if (http_CountHdr(hp, H_Host) > 1)
-		return (400);
-
-	if (http_CountHdr(hp, H_Content_Length) > 1)
-		return (400);
-
 	/* RFC2616, section 5.2, point 1 */
 	if (http_scheme_at(hp->hd[HTTP_HDR_URL].b, http))
 		b = hp->hd[HTTP_HDR_URL].b + 7;

--- a/bin/varnishtest/tests/b00037.vtc
+++ b/bin/varnishtest/tests/b00037.vtc
@@ -8,6 +8,7 @@ client c1 {
 	expect resp.status == 400
 } -run

+varnish v1 -vsl_catchup
 varnish v1 -expect client_req_400 == 1

 client c1 {
@@ -16,4 +17,28 @@ client c1 {
 	expect resp.status == 400
 } -run

+varnish v1 -vsl_catchup
 varnish v1 -expect client_req_400 == 2
+
+varnish v1 -cliok "param.set feature +http2"
+
+client c2 {
+	stream 7 {
+		txreq -hdr host foo -hdr host bar
+		rxresp
+		expect resp.status == 400
+	} -run
+} -run
+
+varnish v1 -vsl_catchup
+varnish v1 -expect client_req_400 == 3
+
+client c3 {
+	stream 3 {
+		txreq -req POST -hdr content-length 12 -hdr content-length 13 -body request
+		rxrst
+	} -run
+} -run
+
+varnish v1 -vsl_catchup
+varnish v1 -expect client_req_400 == 4