Return an error on duplicated Host headers

bin/varnishd/cache/cache.h

@@ -877,6 +877,7 @@ double http_GetHdrQ(const struct http *hp, const char *hdr, const char *field);
 uint16_t http_GetStatus(const struct http *hp);
 const char *http_GetReq(const struct http *hp);
 int http_HdrIs(const struct http *hp, const char *hdr, const char *val);
+int http_IsHdr(const txt *hh, const char *hdr);
 enum sess_close http_DoConnection(const struct http *);
 void http_CopyHome(const struct http *hp);
 void http_Unset(struct http *hp, const char *hdr);

bin/varnishd/cache/cache_http.c

@@ -154,7 +154,7 @@ http_Teardown(struct http *hp)
 
 /*--------------------------------------------------------------------*/
 
-static int
+int
 http_IsHdr(const txt *hh, const char *hdr)
 {
 	unsigned l;

bin/varnishd/cache/cache_http1_proto.c

@@ -374,6 +374,30 @@ htc_splitline(struct http *hp, const struct http_conn *htc, int req)
 	return (htc_dissect_hdrs(hp, p, htc));
 }
 
+/*--------------------------------------------------------------------*/
+
+static int
+htc_request_check_host_hdr(struct http *hp)
+{
+	int u;
+	int seen_host = 0;
+	for (u = HTTP_HDR_FIRST; u < hp->nhd; u++) {
+		if (hp->hd[u].b == NULL)
+			continue;
+		AN(hp->hd[u].b);
+		AN(hp->hd[u].e);
+		if (http_IsHdr(&hp->hd[u], H_Host)) {
+			if (seen_host) {
+				VSLb(hp->vsl, SLT_Error, "Duplicated Host header");
+				return (400);
+			}
+			seen_host = 1;
+		}
+	}
+	return (0);
+}
+
+
 /*--------------------------------------------------------------------*/
 
 static void
@@ -412,6 +436,11 @@ HTTP1_DissectRequest(struct req *req)
 	}
 	htc_proto_ver(hp);
 
+	retval = htc_request_check_host_hdr(hp);
+	if (retval != 0) {
+		return (retval);
+	}
+
 	/* RFC2616, section 5.2, point 1 */
 	if (!strncasecmp(hp->hd[HTTP_HDR_URL].b, "http://", 7)) {
 		b = e = hp->hd[HTTP_HDR_URL].b + 7;