MEDIUM: h1: enlarge the scope of accepted version chars with accept-invalid-http...
authorWilly Tarreau <w@1wt.eu>
Tue, 24 May 2022 13:34:26 +0000 (15:34 +0200)
committerWilly Tarreau <w@1wt.eu>
Tue, 24 May 2022 13:38:54 +0000 (15:38 +0200)
We used to support both RTSP and HTTP protocol version names with and
without accept-invalid-http-request, but since this is based on the
characters themselves, any protocol made of chars {0-9/.HPRST} was
possible and not others. Now that such non-standard protocols are
restricted to accept-invalid-http-request, there's no reason for not
allowing other letters. With this patch, characters {0-9./A-Z} are
permitted when the option is set.

doc/configuration.txt
src/http.c

index e2191c2dda88c52d27dfb811e94bd20cf29448f3..d9fd06dbd1de70e44336b1edca2b030809b7c7a6 100644 (file)
@@ -8372,8 +8372,8 @@ no option accept-invalid-http-request
   not allowed at all. HAProxy always blocks a number of them (0..32, 127). The
   remaining ones are blocked by default unless this option is enabled. This
   option also relaxes the test on the HTTP version, it allows HTTP/0.9 requests
-  to pass through (no version specified) and multiple digits for both the major
-  and the minor version.
+  to pass through (no version specified), as well as different protocol names
+  (e.g. RTSP), and multiple digits for both the major and the minor version.
 
   This option should never be enabled by default as it hides application bugs
   and open security breaches. It should only be deployed after a problem has
index 83774516e0b2223bdae6ceb5c028334deabb1d09..bc0a8085f284f72b9b001de935e06ca59e7b2c4e 100644 (file)
@@ -90,32 +90,32 @@ const unsigned char http_char_classes[256] = {
        ['>'] = HTTP_FLG_SEP,
        ['?'] = HTTP_FLG_SEP,
        ['@'] = HTTP_FLG_SEP,
-       ['A'] = HTTP_FLG_TOK,
-       ['B'] = HTTP_FLG_TOK,
-       ['C'] = HTTP_FLG_TOK,
-       ['D'] = HTTP_FLG_TOK,
-       ['E'] = HTTP_FLG_TOK,
-       ['F'] = HTTP_FLG_TOK,
-       ['G'] = HTTP_FLG_TOK,
+       ['A'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['B'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['C'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['D'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['E'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['F'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['G'] = HTTP_FLG_TOK | HTTP_FLG_VER,
        ['H'] = HTTP_FLG_TOK | HTTP_FLG_VER,
-       ['I'] = HTTP_FLG_TOK,
-       ['J'] = HTTP_FLG_TOK,
-       ['K'] = HTTP_FLG_TOK,
-       ['L'] = HTTP_FLG_TOK,
-       ['M'] = HTTP_FLG_TOK,
-       ['N'] = HTTP_FLG_TOK,
-       ['O'] = HTTP_FLG_TOK,
+       ['I'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['J'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['K'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['L'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['M'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['N'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['O'] = HTTP_FLG_TOK | HTTP_FLG_VER,
        ['P'] = HTTP_FLG_TOK | HTTP_FLG_VER,
-       ['Q'] = HTTP_FLG_TOK,
+       ['Q'] = HTTP_FLG_TOK | HTTP_FLG_VER,
        ['R'] = HTTP_FLG_TOK | HTTP_FLG_VER,
        ['S'] = HTTP_FLG_TOK | HTTP_FLG_VER,
        ['T'] = HTTP_FLG_TOK | HTTP_FLG_VER,
-       ['U'] = HTTP_FLG_TOK,
-       ['V'] = HTTP_FLG_TOK,
-       ['W'] = HTTP_FLG_TOK,
-       ['X'] = HTTP_FLG_TOK,
-       ['Y'] = HTTP_FLG_TOK,
-       ['Z'] = HTTP_FLG_TOK,
+       ['U'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['V'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['W'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['X'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['Y'] = HTTP_FLG_TOK | HTTP_FLG_VER,
+       ['Z'] = HTTP_FLG_TOK | HTTP_FLG_VER,
        ['['] = HTTP_FLG_SEP,
        [ 92] = HTTP_FLG_SEP,
        [']'] = HTTP_FLG_SEP,
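Review bot: After this hunk the HTTP_FLG_VER bit no longer singles out the letters of "HTTP" and "RTSP" but covers every uppercase letter, so a reader of http_char_classes[] can no longer tell from the table that "HTTP/x.y" is the only version accepted by default; the strict check must live in the request-line parser, which is outside this hunk, and nothing here says so. A short comment above the 'A' entry would prevent the table being read as the security boundary, e.g. `/* HTTP_FLG_VER only bounds the character set of a version string ({0-9./A-Z}); the strict "HTTP/" form is enforced by the parser unless accept-invalid-http-request is set. */`. It would also be worth stating in that comment that lowercase letters are deliberately left out of HTTP_FLG_VER, since the commit message lists only A-Z and a later "fix" might otherwise extend it. The http_char_classes[] initializer starts before and continues past this hunk.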