From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 2 May 2016 10:51:18 +0000 (+1200)
Subject: Bug 4501: HTTP/1.1: normalize Host header
X-Git-Tag: SQUID_3_5_18~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=baab2c0fdfa485628b1b1fa9c626eeb2a2fbf22e;p=thirdparty%2Fsquid.git

Bug 4501: HTTP/1.1: normalize Host header

When absolute-URI is provided Host header should be ignored. However some
code still uses Host directly so normalize it using the URL authority
value before doing any further request processing.

For now preserve the case where Host is completely absent. That matters
to the CVE-2009-0801 protection.

This also has the desirable side effect of removing multiple or duplicate
Host header entries, and invalid port values.
---

diff --git a/src/client_side.cc b/src/client_side.cc
index 92528c5ad0..d348fdf016 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2661,6 +2661,20 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c
             clientProcessRequestFinished(conn, request);
             return;
         }
+
+        // when absolute-URI is provided Host header should be ignored. However
+        // some code still uses Host directly so normalize it.
+        // For now preserve the case where Host is completely absent. That matters.
+        if (request->header.has(HDR_HOST)) {
+            const char *host = request->header.getStr(HDR_HOST);
+            SBuf authority(request->GetHost());
+            if (request->port != urlDefaultPort(request->url.getScheme()))
+                authority.appendf(":%d", request->port);
+            debugs(33, 5, "URL domain " << authority << " overrides header Host: " << host);
+            // URL authority overrides Host header
+            request->header.delById(HDR_HOST);
+            request->header.putStr(HDR_HOST, authority.c_str());
+        }
     }
 
     // Some blobs below are still HTTP-specific, but we would have to rewrite