[4.1] aac1c61 More comprehensive test for illegal characters in HTTP/1 headers.
Lasse Karstensen
lkarsten at varnish-software.com
Thu Feb 11 17:14:32 CET 2016
commit aac1c6148c71837c9f198198129cd0e76c5a27b2
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Thu Feb 11 09:15:07 2016 +0000
More comprehensive test for illegal characters in HTTP/1 headers.
diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
index deb191d..2bca363 100644
--- a/bin/varnishd/http1/cache_http1_proto.c
+++ b/bin/varnishd/http1/cache_http1_proto.c
@@ -122,10 +122,15 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc)
if (vct_iscrlf(p))
break;
while (r < htc->rxbuf_e) {
- if (!vct_iscrlf(r)) {
+ if (!vct_isctl(*r) || vct_issp(*r)) {
r++;
continue;
}
+ if (!vct_iscrlf(r)) {
+ VSLb(hp->vsl, SLT_BogoHeader,
+ "Header has ctrl char 0x%02x", *r);
+ return (400);
+ }
q = r;
assert(r < htc->rxbuf_e);
r += vct_skipcrlf(r);
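Review bot: The new guard `if (!vct_isctl(*r) || vct_issp(*r))` carries the whole acceptance policy for bytes inside a header line but has no comment, so a reader needs to know the vct classification tables to see that whatever `vct_issp` accepts (presumably SP and HTAB) is deliberately exempted and that every other control byte which is not a line ending per `vct_iscrlf` now ends the request with a 400. I would put `/* Non-CTL bytes and SP/HTAB are legal in a header line; any other CTL must be a line ending */` above it. In the `VSLb` call, `*r` is a plain `char` handed to `%02x`; writing `(unsigned char)*r` matches the conversion and keeps the log value two digits wide if the classification ever admits bytes above 0x7f. The enclosing `while` loop and `http1_dissect_hdrs` itself start and end outside this hunk, so how `q` and `r` are used afterwards is not visible here.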
diff --git a/bin/varnishtest/tests/b00040.vtc b/bin/varnishtest/tests/b00040.vtc
index 7ce7615..123c3a1 100644
--- a/bin/varnishtest/tests/b00040.vtc
+++ b/bin/varnishtest/tests/b00040.vtc
@@ -8,6 +8,15 @@ server s1 {
varnish v1 -vcl+backend { } -start
+logexpect l1 -v v1 -g raw {
+ expect * 1001 BogoHeader {1st header has white space:.*}
+ expect * 1003 BogoHeader {1st header has white space:.*}
+ expect * 1005 BogoHeader {Header has ctrl char 0x0d}
+ expect * 1010 BogoHeader {Header has ctrl char 0x01}
+ expect * 1012 BogoHeader {Header has ctrl char 0x0d}
+ expect * 1014 BogoHeader {Header has ctrl char 0x0d}
+} -start
+
client c1 {
send "GET /1 HTTP/1.1\r\n"
send " Host: foo\r\n"
@@ -41,3 +50,27 @@ client c1 {
rxresp
expect resp.status == 200
} -run
+delay .1
+
+client c1 {
+ send "GET /5 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\001More\r\n\r\n"
+ rxresp
+ expect resp.status == 400
+} -run
+delay .1
+
+client c1 {
+ send "GET /6 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\r\r\n\r\n"
+ rxresp
+ expect resp.status == 400
+} -run
+delay .1
+
+client c1 {
+ send "GET /7 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\rMore\r\n\r\n"
+ rxresp
+ expect resp.status == 400
+} -run
+
+logexpect l1 -wait
+
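Review bot: The three added requests only cover 0x01 and CR, always in the value of the `Bogo` header after a valid `Host` line, so the test does not pin the other edges of the new check. One more rejected byte such as DEL, `send "GET /8 HTTP/1.1\r\nHost: localhost\r\nBogo: Header\177More\r\n\r\n"` with `expect resp.status == 400` and a matching `expect` line in `l1`, would show that the rule is not specific to low control codes, assuming `vct_isctl` classifies 0x7f as a control character. A positive case with `\t` inside a value expecting 200 would protect the `vct_issp` exemption from a later tightening. That case needs server `s1`, which is defined outside this hunk, to answer one more request.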