From: Willy Tarreau Date: Tue, 8 Aug 2023 13:24:54 +0000 (+0200) Subject: MINOR: http: add new function http_path_has_forbidden_char() X-Git-Tag: v2.9-dev3~52 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30f58f4217d585efeac3d85cb1b695ba53b7760b;p=thirdparty%2Fhaproxy.git MINOR: http: add new function http_path_has_forbidden_char() As its name implies, this function checks if a path component has any forbidden headers starting at the designated location. The goal is to seek from the result of a successful ist_find_range() for more precise chars. Here we're focusing on 0x00-0x1F, 0x20 and 0x23 to make sure we're not too strict at this point. --- diff --git a/include/haproxy/http.h b/include/haproxy/http.h index e48e21fae8..e2ba2e515a 100644 --- a/include/haproxy/http.h +++ b/include/haproxy/http.h @@ -190,6 +190,25 @@ static inline int http_header_has_forbidden_char(const struct ist ist, const cha return 0; } +/* Looks into for forbidden characters for :path values (0x00..0x1F, + * 0x20, 0x23), starting at pointer which must be within . + * Returns non-zero if such a character is found, 0 otherwise. When run on + * unlikely header match, it's recommended to first check for the presence + * of control chars using ist_find_ctl(). + */ +static inline int http_path_has_forbidden_char(const struct ist ist, const char *start) +{ + do { + if ((uint8_t)*start <= 0x23) { + if ((uint8_t)*start < 0x20) + return 1; + if ((1U << ((uint8_t)*start & 0x1F)) & ((1<<3) | (1<<0))) + return 1; + } + start++; + } while (start < istend(ist)); + return 0; +} #endif /* _HAPROXY_HTTP_H */