From: Christopher Faulet Date: Mon, 7 Dec 2020 17:17:33 +0000 (+0100) Subject: MEDIUM: mux-h1: Return a 501-not-implemented for upgrade requests with a body X-Git-Tag: v2.4-dev6~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d2d77b27;p=thirdparty%2Fhaproxy.git MEDIUM: mux-h1: Return a 501-not-implemented for upgrade requests with a body If an HTTP protocol upgrade request with a payload is received, a 501-not-implemented error is now returned to the client. It is valid from the RFC point of view but will be incompatible with the way the H2 websockets will be handled by HAProxy. And it is probably a very uncommon way to do perform protocol upgrades.
---
diff --git a/src/mux_h1.c b/src/mux_h1.c
index 5bd9f3921f..0c5fc4473f 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -1466,6 +1466,14 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, size_t count
 TRACE_USER((!(h1m->flags & H1_MF_RESP) ? "rcvd H1 request headers" : "rcvd H1 response headers"), H1_EV_RX_DATA|H1_EV_RX_HDRS, h1c->conn, h1s, htx, (size_t[]){ret});
+ /* Reject Protocol upgrade request with payload */
+ if ((h1m->flags & (H1_MF_RESP|H1_MF_CONN_UPG)) == H1_MF_CONN_UPG && h1m->state != H1_MSG_DONE) {
+ h1s->flags |= H1S_F_NOT_IMPL_ERROR;
+ TRACE_USER("Upgrade with body not implemented, reject H1 message",
+ H1_EV_RX_DATA|H1_EV_RX_HDRS|H1_EV_H1S_ERR, h1s->h1c->conn, h1s);
+ break;
+ }
+
+ if ((h1m->flags & H1_MF_RESP) && h1s->status < 200 && (h1s->status == 100 || h1s->status >= 102)) {
 h1m_init_res(&h1s->res);