MEDIUM: h1: consider err_pos before deciding to accept a header name or not

Till now the H1 parser made for H2 used to be lenient on invalid header
field names because they were supposed to be produced by haproxy. Now
instead we'll rely on err_pos to know how to act (ie: -2 == must block).

diff --git a/src/h1.c b/src/h1.c
index 63f284ee3dce2968c2db89ec982d326e105d02f4..20a14934d0a6ba1bb5955be90ba8270625e6c6f8 100644 (file)
--- a/src/h1.c
+++ b/src/h1.c
@@ -864,16 +864,15 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
                        EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, H1_MSG_HDR_L1_SP);
                }
 
-               if (HTTP_IS_LWS(*ptr)) {
+               if (likely(h1m->err_pos < -1) || *ptr == '\n') {
                        state = H1_MSG_HDR_NAME;
                        goto http_msg_invalid;
                }
 
-               /* now we have a non-token character in the header field name,
-                * it's up to the H1 layer to have decided whether or not it
-                * was acceptable. If we find it here, it was considered
-                * acceptable due to configuration rules so we obey.
-                */
+               if (h1m->err_pos == -1) /* capture the error pointer */
+                       h1m->err_pos = ptr - start + skip; /* >= 0 now */
+
+               /* and we still accept this non-token character */
                EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, H1_MSG_HDR_NAME);
 
        case H1_MSG_HDR_L1_SP: