From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 9 Oct 2020 06:50:26 +0000 (+0200)
Subject: BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses
X-Git-Tag: v2.3-dev6~66
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b8d148a93f0daff9821cb9ecc5934499f8d128a2;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses

204 and 304 HTTP responses must no contain message body. These status codes are
correctly handled when the responses are received from a server. But there is no
specific processing for internal HTTP reponses (errorfile and http replies).

Now, when errorfiles or an http replies are parsed during the configuration
parsing, an error is triggered if a 204/304 message contains a body. An extra
check is also performed to ensure the body length matches the announce
content-length.

This patch should fix the issue #891. It must be backported as far as 2.0. For
2.1 and 2.0, only the http_str_to_htx() function must be fixed.
http_parse_http_reply() function does not exist.
---

diff --git a/src/http_htx.c b/src/http_htx.c
index de65a4dd0a..cb52b06f0d 100644
--- a/src/http_htx.c
+++ b/src/http_htx.c
@@ -929,17 +929,36 @@ int http_str_to_htx(struct buffer *buf, struct ist raw)
 	if (h1sl.st.status < 200 && (h1sl.st.status == 100 || h1sl.st.status >= 102))
 		goto error;
 
+	if (h1sl.st.status == 204 || h1sl.st.status == 304) {
+		/* Responses known to have no body. */
+		h1m.flags &= ~(H1_MF_CLEN|H1_MF_CHNK);
+		h1m.flags |= H1_MF_XFER_LEN;
+		h1m.curr_len = h1m.body_len = 0;
+	}
+	else if (h1m.flags & (H1_MF_CLEN|H1_MF_CHNK))
+		h1m.flags |= H1_MF_XFER_LEN;
+
 	if (h1m.flags & H1_MF_VER_11)
 		flags |= HTX_SL_F_VER_11;
 	if (h1m.flags & H1_MF_XFER_ENC)
 		flags |= HTX_SL_F_XFER_ENC;
-	if (h1m.flags & H1_MF_CLEN) {
-		flags |= (HTX_SL_F_XFER_LEN|HTX_SL_F_CLEN);
-		if (h1m.body_len == 0)
+	if (h1m.flags & H1_MF_XFER_LEN) {
+		flags |= HTX_SL_F_XFER_LEN;
+		if (h1m.flags & H1_MF_CHNK)
+			goto error; /* Unsupported because there is no body parsing */
+		else if (h1m.flags & H1_MF_CLEN) {
+			flags |= HTX_SL_F_CLEN;
+			if (h1m.body_len == 0)
+				flags |= HTX_SL_F_BODYLESS;
+		}
+		else
 			flags |= HTX_SL_F_BODYLESS;
 	}
-	if (h1m.flags & H1_MF_CHNK)
-		goto error; /* Unsupported because there is no body parsing */
+
+	if ((flags & HTX_SL_F_BODYLESS) && raw.len > ret)
+		goto error; /* No body expected */
+	if ((flags & HTX_SL_F_CLEN) && h1m.body_len != (raw.len - ret))
+		goto error; /* body with wrong length */
 
 	htx = htx_from_buf(buf);
 	sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, h1sl.st.v, h1sl.st.c, h1sl.st.r);
@@ -1628,6 +1647,10 @@ struct http_reply *http_parse_http_reply(const char **args, int *orig_arg, struc
 		}
 	}
 	else if (reply->type == HTTP_REPLY_RAW) { /* explicit parameter using 'file' parameter*/
+		if ((reply->status == 204 || reply->status == 304) && objlen) {
+			memprintf(errmsg, "No body expected for %d responses", reply->status);
+			goto error;
+		}
 		if (!reply->ctype && objlen) {
 			memprintf(errmsg, "a content type must be defined when non-empty payload is configured");
 			goto error;
@@ -1647,6 +1670,10 @@ struct http_reply *http_parse_http_reply(const char **args, int *orig_arg, struc
 	}
 	else if (reply->type == HTTP_REPLY_LOGFMT) { /* log-format payload using 'lf-file' of 'lf-string' parameter */
 		LIST_INIT(&reply->body.fmt);
+		if ((reply->status == 204 || reply->status == 304)) {
+			memprintf(errmsg, "No body expected for %d responses", reply->status);
+			goto error;
+		}
 		if (!reply->ctype) {
 			memprintf(errmsg, "a content type must be defined with a log-format payload");
 			goto error;