From: Ruediger Pluem <rpluem@apache.org>
Date: Wed, 10 Jun 2020 11:24:13 +0000 (+0000)
Subject: * Have the HTTP 0.9 / 1.1 processing code reject requests for
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1388
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97bc128df241a30be6466227efe1502bfd96d29c;p=thirdparty%2Fapache%2Fhttpd.git

* Have the HTTP 0.9 / 1.1 processing code reject requests for
  HTTP >= 2.0 with a HTTP Version Not Support status code.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878708 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 0c7b678f12a..c2a72710e90 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
-  *) mod_proxy_http2: the "ping" proxy parameter 
+
+  *) core: Have the HTTP 0.9 / 1.1 processing code reject requests for
+     HTTP >= 2.0 with a HTTP Version Not Support status code. [Ruediger Pluem]
+
+  *) mod_proxy_http2: the "ping" proxy parameter
      (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
      when checking the liveliness of a new or reused h2 connection to the backend.
      With short durations, this makes load-balancing more responsive. The module
diff --git a/server/protocol.c b/server/protocol.c
index 76baabbe291..6eb1786459f 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -748,7 +748,7 @@ AP_DECLARE(int) ap_parse_request_line(request_rec *r)
     enum {
         rrl_none, rrl_badmethod, rrl_badwhitespace, rrl_excesswhitespace,
         rrl_missinguri, rrl_baduri, rrl_badprotocol, rrl_trailingtext,
-        rrl_badmethod09, rrl_reject09
+        rrl_badmethod09, rrl_reject09, rrl_versionnotsupported
     } deferred_error = rrl_none;
     apr_size_t len = 0;
     char *uri, *ll;
@@ -897,6 +897,11 @@ rrl_done:
         r->proto_num = HTTP_VERSION(0, 9);
     }
 
+    if (strict && deferred_error == rrl_none
+        && r->proto_num >= HTTP_VERSION(2, 0)) {
+        deferred_error = rrl_versionnotsupported;
+    }
+
     /* Determine the method_number and parse the uri prior to invoking error
      * handling, such that these fields are available for substitution
      */
@@ -918,6 +923,7 @@ rrl_done:
      * we can safely resume any deferred error reporting
      */
     if (deferred_error != rrl_none) {
+        r->status = HTTP_BAD_REQUEST;
         if (deferred_error == rrl_badmethod)
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03445)
                           "HTTP Request Line; Invalid method token: '%.*s'",
@@ -954,7 +960,13 @@ rrl_done:
                           "HTTP Request Line; Unrecognized protocol '%.*s' "
                           "(perhaps whitespace was injected?)",
                           field_name_len(r->protocol), r->protocol);
-        r->status = HTTP_BAD_REQUEST;
+        else if (deferred_error == rrl_versionnotsupported) {
+            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
+                          "HTTP Request Line; Protocol '%.*s' >= HTTP/2.0 not"
+                          " supported", field_name_len(r->protocol),
+                          r->protocol);
+            r->status = HTTP_VERSION_NOT_SUPPORTED;
+        }
         goto rrl_failed;
     }