From: Amos Jeffries Date: Fri, 5 Dec 2014 13:02:46 +0000 (-0800) Subject: HTTP/2: handle 'PRI' method found in HTTP/1.x traffic X-Git-Tag: merge-candidate-3-v1~458 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5de5c2d0686b91fabccbdab4a612a7db2e325037;p=thirdparty%2Fsquid.git HTTP/2: handle 'PRI' method found in HTTP/1.x traffic draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI. " This method is never used by an actual client. This method will appear to be used when an HTTP/1.1 server or intermediary attempts to parse an HTTP/2 connection preface. " If seen with a non-2.0 version number it means some client or proxy has mishandled an HTTP/2.0 connection preface and corrupted the traffic. --- diff --git a/src/client_side.cc b/src/client_side.cc index daffbc3c67..03b1b04045 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -2183,6 +2183,17 @@ parseHttpRequest(ConnStateData *csd, const Http1::RequestParserPointer &hp) return csd->abortRequestParsing("error:method-not-allowed"); } + /* draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI as HTTP/2 specific + * Deny "PRI" method if used in HTTP/1.x or 0.9 versions. + * If seen it signals a broken client or proxy has corrupted the traffic. + */ + if (hp->method() == Http::METHOD_PRI && hp->messageProtocol() < Http::ProtocolVersion(2,0)) { + debugs(33, DBG_IMPORTANT, "WARNING: PRI method received on " << csd->transferProtocol << " port " << csd->port->s.port()); + debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->method() << " " << hp->requestUri() << " " << hp->messageProtocol()); + hp->request_parse_status = Http::scMethodNotAllowed; + return csd->abortRequestParsing("error:method-not-allowed"); + } + if (hp->method() == Http::METHOD_NONE) { debugs(33, DBG_IMPORTANT, "WARNING: Unsupported method: " << hp->method() << " " << hp->requestUri() << " " << hp->messageProtocol()); hp->request_parse_status = Http::scMethodNotAllowed;