From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 26 May 2025 09:20:24 +0000 (+0200)
Subject: BUG/MEDIUM: h3: Declare absolute URI as normalized when a :authority is found
X-Git-Tag: v3.2.0~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e70c23e5178e4239208adf92c87df009ecb7ef4a;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: h3: Declare absolute URI as normalized when a :authority is found

Since commit 2c3d656f8 ("MEDIUM: h3: use absolute URI form with
:authority"), the absolute URI form is used when a ':authority'
pseudo-header is found. However, this URI was not declared as normalized
internally.  So, when the request is reformated to be sent to an h1 server,
the absolute-form is used instead of the origin-form. It is unexpected and
may be an issue for some servers that could reject the request.

So, now, we take care to set HTX_SL_F_HAS_AUTHORITY flag on the HTX message
when an authority was found and HTX_SL_F_NORMALIZED_URI flag is set for
"http" or "https" schemes.

No backport needed because the commit above must not be backported. It
should fix a regression reported on the 3.2-dev17 in issue #2977.

This commit depends on "BUG/MINOR: h3: Set HTX flags corresponding to the
scheme found in the request".
---

diff --git a/src/h3.c b/src/h3.c
index ac2a116dd..636dfac8a 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -777,6 +777,7 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
 	if (!istlen(scheme)) {
 		/* No scheme (CONNECT), use :authority only. */
 		uri = authority;
+		flags |= HTX_SL_F_HAS_AUTHORITY;
 	}
 	else if (isttest(authority)) {
 		/* Use absolute URI form as :authority is present. */
@@ -785,6 +786,20 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
 		istcat(&uri, authority, trash.size);
 		if (!isteq(path, ist("*")))
 			istcat(&uri, path, trash.size);
+
+		flags |= HTX_SL_F_HAS_AUTHORITY;
+		if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
+			/* we don't know if it was originally an absolute or a
+			 * relative request because newer versions of HTTP use
+			 * the absolute URI format by default, which we call
+			 * the normalized URI format internally. This is the
+			 * strongly recommended way of sending a request for
+			 * a regular client, so we cannot distinguish this
+			 * from a request intended for a proxy. For other
+			 * schemes however there is no doubt.
+			 */
+			flags |= HTX_SL_F_NORMALIZED_URI;
+		}
 	}
 	else {
 		/* Use origin URI form. */