- 17 Oct, 2023 5 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
Varnish is not subject to CVE-2022-37434; we never use "extra" data.
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
FreeBSD's code is undergoing some compatibility adaptations, so we go directly to the source from here. PS: Please keep coccinelle out of libvgz.
-
- 04 Sep, 2023 1 commit
-
-
Guillaume Quintard authored
-
- 05 Dec, 2022 1 commit
-
-
Martin Blix Grydeland authored
-
- 12 Oct, 2022 19 commits
-
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Simon Stridsberg authored
Fixes #3491
-
Asad Sajjad Ahmed authored
Check for correct handling of missing pseudo-headers, and invalid characters.

Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>
-
Asad Sajjad Ahmed authored
The :scheme pseudo-header is not optional in H/2 except when doing CONNECT. There is also a strict requirement for it to appear only once.

Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>
-
Asad Sajjad Ahmed authored
We should apply the same restrictions on the list of allowed characters inside H/2 pseudo-headers as we do for H/1. This error is translated into the headers we send to a backend over H/1. Failure to do so could permit various exploits against a backend not handling malformed H/1 requests.

Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>
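The three commits above describe the checks an H/2 front end needs before it rewrites a request for an H/1 backend: every pseudo-header may appear at most once, :scheme and :path are mandatory unless the method is CONNECT, and the values must satisfy the H/1 character rules, since a CR or LF in :path would otherwise be written straight into the backend's request line. The following is an added example, not Varnish's own code; the names (h2_pseudo, h2_to_h1_request, pick_pseudo, the H2_* return codes) are hypothetical and the sample request is constructed.

```c
#include <stdio.h>
#include <string.h>

enum h2_rc { H2_OK = 0, H2_MISSING, H2_DUPLICATE, H2_BADCHAR, H2_TOOLONG };

struct h2_pseudo {
	const char *name;	/* ":method", ":scheme", ":authority" or ":path" */
	const char *value;
};

/* H/1 field-value characters: VCHAR, SP, HTAB and obs-text; no CR, LF,
 * NUL or other control characters. A CR or LF here would end the H/1
 * request line early and let the remainder of the value be parsed by the
 * backend as extra headers or as a second request. */
static int
h1_value_ok(const char *v)
{
	for (; *v != '\0'; v++) {
		unsigned char c = (unsigned char)*v;
		if (c == ' ' || c == '\t')
			continue;
		if (c < 0x21 || c == 0x7f)
			return (0);
	}
	return (1);
}

/* Method and request-target are SP-delimited on the request line, so
 * whitespace is not acceptable in them either. */
static int
h1_target_ok(const char *v)
{
	return (*v != '\0' && h1_value_ok(v) &&
	    strchr(v, ' ') == NULL && strchr(v, '\t') == NULL);
}

/* Find `name` among the pseudo-headers. It may appear at most once and
 * must appear when `required` is set. */
static enum h2_rc
pick_pseudo(const struct h2_pseudo *hp, size_t n, const char *name,
    int required, const char **out)
{
	size_t i;

	*out = NULL;
	for (i = 0; i < n; i++) {
		if (strcmp(hp[i].name, name) != 0)
			continue;
		if (*out != NULL)
			return (H2_DUPLICATE);
		*out = hp[i].value;
	}
	if (*out == NULL && required)
		return (H2_MISSING);
	return (H2_OK);
}

/* Validate the pseudo-headers of one H/2 request and write the H/1
 * request line (plus Host) into buf. Returns H2_OK on success. */
enum h2_rc
h2_to_h1_request(const struct h2_pseudo *hp, size_t n, char *buf, size_t bufsz)
{
	const char *method, *scheme, *authority, *path;
	enum h2_rc rc;
	int is_connect, len;

	if ((rc = pick_pseudo(hp, n, ":method", 1, &method)) != H2_OK)
		return (rc);
	is_connect = strcmp(method, "CONNECT") == 0;
	/* :scheme and :path are mandatory except for CONNECT, which carries
	 * its target in :authority instead (RFC 7540 8.1.2.3 and 8.3). */
	if ((rc = pick_pseudo(hp, n, ":scheme", !is_connect, &scheme)) != H2_OK)
		return (rc);
	if ((rc = pick_pseudo(hp, n, ":path", !is_connect, &path)) != H2_OK)
		return (rc);
	if ((rc = pick_pseudo(hp, n, ":authority", is_connect, &authority)) != H2_OK)
		return (rc);

	if (!h1_target_ok(method) ||
	    (scheme != NULL && !h1_target_ok(scheme)) ||
	    (path != NULL && !h1_target_ok(path)) ||
	    (authority != NULL && !h1_target_ok(authority)))
		return (H2_BADCHAR);

	if (is_connect)
		len = snprintf(buf, bufsz, "CONNECT %s HTTP/1.1\r\n", authority);
	else if (authority != NULL)
		len = snprintf(buf, bufsz, "%s %s HTTP/1.1\r\nHost: %s\r\n",
		    method, path, authority);
	else
		len = snprintf(buf, bufsz, "%s %s HTTP/1.1\r\n", method, path);
	if (len < 0 || (size_t)len >= bufsz)
		return (H2_TOOLONG);
	return (H2_OK);
}

int
main(void)
{
	/* Constructed sample: a :path that tries to smuggle a second header. */
	const struct h2_pseudo bad[] = {
		{ ":method", "GET" }, { ":scheme", "https" },
		{ ":authority", "example.com" },
		{ ":path", "/foo HTTP/1.1\r\nX-Injected: 1" },
	};
	char buf[256];

	printf("rc=%d\n", (int)h2_to_h1_request(bad, 4, buf, sizeof buf));
	return (0);
}
```

The duplicate and missing checks run before the character check, so a client cannot use a second :scheme to bypass the cardinality rule, and the character check covers :authority too because it becomes the Host header on the H/1 side.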
-
Dridi Boukelmoune authored
I find ":path: /foo" more descriptive than "/foo", even though I could infer which one it was...
-
AlveElde authored
Now that http_DoConnection() is used without respecting the SC_RX_BAD return value it should not return early when encountering a well-known header.
-
Dridi Boukelmoune authored
Some browsers are strict about this and simply drop responses containing such headers.

Since this is not filtering a context switch between a client and a backend transaction (or cache hit), a new filtering flag is added to the HTTP headers table for connection-specific headers. This new flag cannot be compounded as HTTPH_R_FETCH|HTTPH_A_INS because the TE header is an exception and left alone, even though trailers aren't supported.

Better diff with the --ignore-all-space option.

We could go further and consider any client request containing one as malformed, as mandated by RFC 7540.

Closes #3416
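The commit above adds a table flag so that connection-specific headers are stripped before a response goes out over H/2, with TE deliberately left alone. The following added example (not Varnish's code; h2_filter_headers, h2_conn_specific and the other names are hypothetical, and the response headers are constructed) shows a table-driven filter of that kind. It goes one step further than the commit message states by also dropping any header that the response's own Connection: field nominates as hop-by-hop, which RFC 7540 8.1.2.2 requires as well.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct hdr {
	const char *name;
	const char *value;
};

/* Names flagged as connection-specific, never delivered over H/2
 * (RFC 7540 8.1.2.2). TE is intentionally absent from the table: it
 * is left alone, "TE: trailers" being the one value H/2 permits. */
static const char *const h2_conn_specific[] = {
	"Connection", "Keep-Alive", "Proxy-Connection",
	"Transfer-Encoding", "Upgrade", NULL
};

/* Case-insensitive comparison of the first alen bytes of a with the
 * whole of b (header names are case-insensitive). */
static int
ci_equal(const char *a, size_t alen, const char *b)
{
	size_t i;

	if (strlen(b) != alen)
		return (0);
	for (i = 0; i < alen; i++)
		if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
			return (0);
	return (1);
}

static int
is_conn_specific(const char *name)
{
	const char *const *p;

	for (p = h2_conn_specific; *p != NULL; p++)
		if (ci_equal(name, strlen(name), *p))
			return (1);
	return (0);
}

/* Is `name` one of the comma-separated tokens of a Connection: value? */
static int
listed_in_connection(const char *conn, const char *name)
{
	const char *p = conn, *start, *end;

	while (*p != '\0') {
		while (*p == ' ' || *p == '\t' || *p == ',')
			p++;
		start = p;
		while (*p != '\0' && *p != ',')
			p++;
		end = p;
		while (end > start && (end[-1] == ' ' || end[-1] == '\t'))
			end--;
		if (end > start && ci_equal(start, (size_t)(end - start), name))
			return (1);
	}
	return (0);
}

/* Copy the headers that may be sent to an H/2 client into out[]: the
 * flagged names are dropped, and so is anything a Connection: header in
 * the same response lists as hop-by-hop. Returns the count kept. */
size_t
h2_filter_headers(const struct hdr *in, size_t n, struct hdr *out, size_t outsz)
{
	size_t i, j, kept = 0;
	int drop;

	for (i = 0; i < n && kept < outsz; i++) {
		drop = is_conn_specific(in[i].name);
		for (j = 0; !drop && j < n; j++)
			if (ci_equal(in[j].name, strlen(in[j].name), "Connection") &&
			    listed_in_connection(in[j].value, in[i].name))
				drop = 1;
		if (!drop)
			out[kept++] = in[i];
	}
	return (kept);
}

int
main(void)
{
	/* Constructed backend response headers. */
	const struct hdr resp[] = {
		{ "Content-Type", "text/html" },
		{ "Connection", "close, X-Hop" },
		{ "X-Hop", "1" },
		{ "Keep-Alive", "timeout=5" },
		{ "TE", "trailers" },
		{ "Transfer-Encoding", "chunked" },
		{ "X-Keep", "yes" },
	};
	struct hdr out[8];
	size_t i, n = h2_filter_headers(resp, 7, out, 8);

	for (i = 0; i < n; i++)
		printf("%s: %s\n", out[i].name, out[i].value);
	return (0);
}
```

Filtering at delivery time rather than at fetch time is the point of the commit: the same cached object can be served to an H/1 client with its Connection and Keep-Alive headers intact, and to an H/2 client without them.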
-
AlveElde authored
-
Mark Felder authored
-
Nils Goroll authored
no semantic changes, just consolidating three places in one (thus pushed during freeze)
-
Martin Blix Grydeland authored
-
- 07 Sep, 2022 1 commit
-
-
Asad Sajjad Ahmed authored
Allow the user to log the request time in milliseconds through the new format specifier: %{ms}T.

Signed-off-by: Asad Sajjad Ahmed <asadsa@varnish-software.com>
-
- 12 Jan, 2022 1 commit
-
-
Martin Blix Grydeland authored
-
- 11 Jan, 2022 5 commits
-
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
Previously we would ignore errors to iterate the request body into oblivion in VRB_Ignore(), keeping the connection open. This opens an out-of-sync vulnerability on H/1 connections. This patch tests the status of the request body in VRB_Ignore(), marking the request failed and that it should be closed on errors.
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
- 08 Dec, 2021 1 commit
-
-
Poul-Henning Kamp authored
Conflicts:
	bin/varnishd/cache/cache_esi_deliver.c

This fixes a potential out-of-workspace panic.
-
- 30 Nov, 2021 1 commit
-
-
Dridi Boukelmoune authored
Otherwise valid code can panic on workspace exhaustion:

	std.ip(req.http.X-Real-IP, std.ip(req.http.X-Client-IP, client.ip))

If the nested std.ip() call runs out of workspace, it will return a null ip instead of the fallback, and the outer std.ip() call will panic upon checking the suckaddr sanity.

Refs #3746
-
- 24 Nov, 2021 3 commits
-
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
-
- 22 Nov, 2021 1 commit
-
-
Poul-Henning Kamp authored
Don't limit ourselves to a set number of VSL records to include the "0 CLI" we want; various platforms emit a number of Debug messages relating to sockopt. Use the `process p%d -expect-text` mechanism to wait only as long as necessary for the "0 CLI".
-
- 19 Nov, 2021 1 commit
-
-
Dridi Boukelmoune authored
-