HTTP/2: handle 'PRI' method found in HTTP/1.x traffic

draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI.
"
  This method is never used by an actual client.
  This method will appear to be used when an HTTP/1.1 server or
  intermediary attempts to parse an HTTP/2 connection preface.
"

If seen with a non-2.0 version number it means some client or proxy has
mishandled an HTTP/2.0 connection preface and corrupted the traffic.

diff --git a/src/client_side.cc b/src/client_side.cc
index daffbc3c67e58ddf48cfc428ddd8bd5e75ffe260..03b1b04045995f2cabf7c0c405791d41dc3fe91f 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2183,6 +2183,17 @@ parseHttpRequest(ConnStateData *csd, const Http1::RequestParserPointer &hp)
         return csd->abortRequestParsing("error:method-not-allowed");
     }
 
+    /* draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI as HTTP/2 specific
+     * Deny "PRI" method if used in HTTP/1.x or 0.9 versions.
+     * If seen it signals a broken client or proxy has corrupted the traffic.
+     */
+    if (hp->method() == Http::METHOD_PRI && hp->messageProtocol() < Http::ProtocolVersion(2,0)) {
+        debugs(33, DBG_IMPORTANT, "WARNING: PRI method received on " << csd->transferProtocol << " port " << csd->port->s.port());
+        debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->method() << " " << hp->requestUri() << " " << hp->messageProtocol());
+        hp->request_parse_status = Http::scMethodNotAllowed;
+        return csd->abortRequestParsing("error:method-not-allowed");
+    }
+
     if (hp->method() == Http::METHOD_NONE) {
         debugs(33, DBG_IMPORTANT, "WARNING: Unsupported method: " << hp->method() << " " << hp->requestUri() << " " << hp->messageProtocol());
         hp->request_parse_status = Http::scMethodNotAllowed;