From: Christopher Faulet <cfaulet@haproxy.com>
Date: Tue, 22 Nov 2022 09:27:54 +0000 (+0100)
Subject: MINOR: h1: Consider empty port as invalid in authority for CONNECT
X-Git-Tag: v2.7-dev10~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75348c2e8b7779d1b00d849ecb5b8324033210f7;p=thirdparty%2Fhaproxy.git

MINOR: h1: Consider empty port as invalid in authority for CONNECT

For now, this change is useless because http_get_host_port() returns
IST_NULL when the port is empty. But this will change. For other methods,
empty ports are valid. But not for CONNECT method. To still return a
400-Bad-Request if a CONNECT is performed with an empty port, istlen() is
used to test the port, instead of isttest().
---

diff --git a/src/h1.c b/src/h1.c
index cce484ca4b..d4c290b9cd 100644
--- a/src/h1.c
+++ b/src/h1.c
@@ -169,7 +169,7 @@ static int h1_validate_connect_authority(struct ist authority, struct ist *host_
 		goto invalid_authority;
 	uri_host = authority;
 	uri_port = http_get_host_port(authority);
-	if (!isttest(uri_port))
+	if (!istlen(uri_port))
 		goto invalid_authority;
 	uri_host.len -= (istlen(uri_port) + 1);
 
@@ -179,8 +179,10 @@ static int h1_validate_connect_authority(struct ist authority, struct ist *host_
 	/* Get the port of the host header value, if any */
 	host = *host_hdr;
 	host_port = http_get_host_port(*host_hdr);
-	if (isttest(host_port)) {
+	if (isttest(host_port))
 		host.len -= (istlen(host_port) + 1);
+
+	if (istlen(host_port)) {
 		if (!isteqi(host, uri_host) || !isteq(host_port, uri_port))
 			goto invalid_host;
 		if (http_is_default_port(IST_NULL, uri_port))