MEDIUM: http: always reject the "PRI" method

This method was reserved for the HTTP/2 connection preface, must never
be used and must be rejected. In normal situations it doesn't happen,
but it may be visible if a TCP frontend has alpn "h2" enabled, and
forwards to an HTTP backend which tries to parse the request. Before
this patch it would pass the wrong request to the backend server, now
it properly returns 400 bad req.

This patch should probably be backported to stable versions.

diff --git a/src/proto_http.c b/src/proto_http.c
index 9909eedc36f6e3116007f8da4d27015514561d58..88e2f06ebbd3fa8a562f2ccb70edb905f60d14dc 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -1899,6 +1899,12 @@ int http_wait_for_request(struct stream *s, struct channel *req, int an_bit)
        /* we can make use of server redirect on GET and HEAD */
        if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
                s->flags |= SF_REDIRECTABLE;
+       else if (txn->meth == HTTP_METH_OTHER &&
+                msg->sl.rq.m_l == 3 && memcmp(req->buf->p, "PRI", 3) == 0) {
+               /* PRI is reserved for the HTTP/2 preface */
+               msg->err_pos = 0;
+               goto return_bad_req;
+       }
 
        /*
         * 2: check if the URI matches the monitor_uri.