git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Tue, 14 May 2024 09:42:21 +0000 (11:42 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 15 May 2024 19:20:37 +0000 (21:20 +0200)
commit	d724b0d147c258eec00c82305b88ea46fff52998
tree	ac2ed6359529d0e26e010abae944d9e1a54d0f40	tree \| snapshot
parent	821a04377dfae8a7c629a8a5b4841b6f74db3930	commit \| diff

BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found

When a non-CONNECT H1 request is parsed, the authority is compared to the
host header value, to validate that they are the same. However there is an
issue here when a relative path is used (not begining with a '/'). In this
case, the path is considered as the authority and will be erroneously
compared to the host header value. It is observable with this kind of
request:

GET admin HTTP/1.1
Host: www.mysite.com

In this case "admin" is parsed as an authority while it is in fact a path.
At this step, it is not a big deal because it just happens on the very first
checks on the message during the parsing. However, the same happens when the
authority is updated. This will be fixed in another commit

Note this kind of request is invalid because the path does not start with a
'/'. But, till now, HAProxy does not reject it.

This patch is related to issue #2565. It must be backported as far as 2.4.