MEDIUM: mux-h1: Return a 501-not-implemented for upgrade requests with a body
authorChristopher Faulet <cfaulet@haproxy.com>
Mon, 7 Dec 2020 17:17:33 +0000 (18:17 +0100)
committerChristopher Faulet <cfaulet@haproxy.com>
Thu, 21 Jan 2021 14:21:12 +0000 (15:21 +0100)
If an HTTP protocol upgrade request with a payload is received, a
501-not-implemented error is now returned to the client. Such a request is
valid from the RFC point of view but will be incompatible with the way the H2
websockets will be handled by HAProxy. And it is probably a very uncommon
way to perform protocol upgrades.

src/mux_h1.c

index 5bd9f3921ff813cfdbbe48c6233001e2977f0619..0c5fc4473ffd0d88dd6ea0f1307f1fdef0457c78 100644 (file)
@@ -1466,6 +1466,14 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, size_t count
                        TRACE_USER((!(h1m->flags & H1_MF_RESP) ? "rcvd H1 request headers" : "rcvd H1 response headers"),
                                   H1_EV_RX_DATA|H1_EV_RX_HDRS, h1c->conn, h1s, htx, (size_t[]){ret});
 
+                       /* Reject Protocol upgrade request with payload */
+                       if ((h1m->flags & (H1_MF_RESP|H1_MF_CONN_UPG)) == H1_MF_CONN_UPG && h1m->state != H1_MSG_DONE) {
+                               h1s->flags |= H1S_F_NOT_IMPL_ERROR;
+                               TRACE_USER("Upgrade with body not implemented, reject H1 message",
+                                          H1_EV_RX_DATA|H1_EV_RX_HDRS|H1_EV_H1S_ERR, h1s->h1c->conn, h1s);
+                               break;
+                       }
+
                        if ((h1m->flags & H1_MF_RESP) &&
                            h1s->status < 200 && (h1s->status == 100 || h1s->status >= 102)) {
                                h1m_init_res(&h1s->res);
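Review bot: The comment on the added block says what is rejected but not how a payload is detected, which is what someone auditing request framing needs to know. The test is `h1m->state != H1_MSG_DONE` right after header parsing, which presumably means the parser still expects body bytes (a non-zero Content-Length or chunked encoding). I would expand the comment to something like `/* Reject protocol upgrade requests with a payload: a state other than H1_MSG_DONE after the headers means a body is announced. */` and mention the H2 websocket rationale from the commit message there too. The new trace call also passes `h1s->h1c->conn` while the TRACE_USER just above it passes `h1c->conn`; assuming both refer to the same connection, `h1c->conn` would keep the two calls consistent. h1_process_input starts and ends outside the hunk, so how H1S_F_NOT_IMPL_ERROR becomes the 501 response after the `break` is not visible here.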