When a non-CONNECT H1 request is parsed, the authority is compared to the
host header value, to validate that they are the same. However there is an
issue here when a relative path is used (not begining with a '/'). In this
case, the path is considered as the authority and will be erroneously
compared to the host header value. It is observable with this kind of
request:
GET admin HTTP/1.1
Host: www.mysite.com
In this case "admin" is parsed as an authority while it is in fact a path.
At this step, it is not a big deal because it just happens on the very first
checks on the message during the parsing. However, the same happens when the
authority is updated. This will be fixed in another commit
Note this kind of request is invalid because the path does not start with a
'/'. But, till now, HAProxy does not reject it.
This patch is related to issue #2565. It must be backported as far as 2.4.
if (!(h1m->flags & (H1_MF_HDRS_ONLY|H1_MF_RESP))) {
struct http_uri_parser parser = http_uri_parser_init(sl.rq.u);
- struct ist scheme, authority;
+ struct ist scheme, authority = IST_NULL;
int ret;
scheme = http_parse_scheme(&parser);
- authority = http_parse_authority(&parser, 1);
+ if (istlen(scheme) || sl.rq.meth == HTTP_METH_CONNECT) {
+ /* Expect an authority if for CONNECT method or if there is a scheme */
+ authority = http_parse_authority(&parser, 1);
+ }
+
if (sl.rq.meth == HTTP_METH_CONNECT) {
struct ist *host = ((host_idx != -1) ? &hdr[host_idx].v : NULL);
projects / thirdparty / haproxy.git / commitdiff
