From: Christopher Faulet
Date: Fri, 11 Oct 2019 11:34:22 +0000 (+0200)
Subject: MINOR: h1: Reject requests if the authority does not match the header host
X-Git-Tag: v2.1-dev3~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=531b83e039bbe369e4fe6e775e9bfa310d780da1;p=thirdparty%2Fhaproxy.git

MINOR: h1: Reject requests if the authority does not match the header host

As stated in the RFC7230#5.4, a client must send a field-value for the header host that is identical to the authority if the target URI includes one. So, now, by default, if the authority, when provided, does not match the value of the header host, an error is triggered. To mitigate this behavior, it is possible to set the option "accept-invalid-http-request". In that case, an http error is captured without interrupting the request parsing.

---
diff --git a/src/h1.c b/src/h1.c index 7e7eaa064a..83afb14ebc 100644 --- a/src/h1.c +++ b/src/h1.c @@ -834,8 +834,20 @@ int h1_headers_to_hdr_list(char *start, const char *stop, } } else if (isteqi(n, ist("host"))) { - if (host_idx == -1) + if (host_idx == -1) { + struct ist authority; + + authority = http_get_authority(sl.rq.u, 1); + if (authority.len && !isteqi(v, authority)) { + if (h1m->err_pos < -1) { + state = H1_MSG_HDR_L2_LWS; + goto http_msg_invalid; + } + if (h1m->err_pos == -1) /* capture the error pointer */ + h1m->err_pos = ptr - start + skip; /* >= 0 now */ + } host_idx = hdr_count; + } else { if (!isteqi(v, hdr[host_idx].v)) { state = H1_MSG_HDR_L2_LWS;
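Review bot: the new branch in `h1_headers_to_hdr_list` reads `sl.rq.u` unconditionally, but nothing in this hunk restricts the Host check to requests; if this function also parses response headers (its name is generic and the start line is shared), `http_get_authority(sl.rq.u, 1)` would be called on a status line rather than a request URI. Consider guarding the `isteqi(n, ist("host"))` branch with a check on `h1m->flags` for the response side so the authority comparison only runs on requests. Two smaller points: when the mismatch is tolerated, the captured error offset `h1m->err_pos = ptr - start + skip` records the current parse position rather than the offending value, so pointing it at `v.ptr` (as the existing duplicate-Host path does for `ptr`) would make the error capture locate the bad header value; and since the commit message relies on "accept-invalid-http-request" to bypass the new rejection, the option's entry in the configuration manual should be updated in the same change to say that a Host/authority mismatch is now rejected by default.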