File: REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch

package info (click to toggle)
haproxy 2.6.12-1%2Bdeb12u2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 21,096 kB
  • sloc: ansic: 211,463; javascript: 2,442; sh: 2,173; xml: 1,756; python: 1,301; makefile: 1,083; perl: 168
file content (109 lines) | stat: -rw-r--r-- 4,302 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
 
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 8 Aug 2023 17:00:50 +0200
Subject: REORG: http: move has_forbidden_char() from h2.c to http.h
Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=4a776fd01560a8dfa7a57b30b4d5249c8da7b12c

This function is not H2 specific but rather generic to HTTP. We'll
need it in H3 soon, so let's move it to HTTP and rename it to
http_header_has_forbidden_char().

(cherry picked from commit d4069f3cee0f6e94afaec518b6373dd368073f52)
 [ad: backported for next patch BUG/MAJOR: h3: reject header values
 containing invalid chars]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 21c4ffd025115058994a3e2765c17fc3cee52f90)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 9c0bc4f201cf58c10706416cb4807c0f4794f8ac)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
---
 include/haproxy/http.h | 18 ++++++++++++++++++
 src/h2.c               | 23 +++--------------------
 2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/include/haproxy/http.h b/include/haproxy/http.h
index f597ee4cd1dc..41eca98a1e87 100644
--- a/include/haproxy/http.h
+++ b/include/haproxy/http.h
@@ -173,6 +173,24 @@ static inline struct http_uri_parser http_uri_parser_init(const struct ist uri)
 	return parser;
 }
 
+/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
+ * 0x0D), starting at pointer <start> which must be within <ist>. Returns
+ * non-zero if such a character is found, 0 otherwise. When run on unlikely
+ * header match, it's recommended to first check for the presence of control
+ * chars using ist_find_ctl().
+ */
+static inline int http_header_has_forbidden_char(const struct ist ist, const char *start)
+{
+	do {
+		if ((uint8_t)*start <= 0x0d &&
+		    (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
+			return 1;
+		start++;
+	} while (start < istend(ist));
+	return 0;
+}
+
+
 #endif /* _HAPROXY_HTTP_H */
 
 /*
diff --git a/src/h2.c b/src/h2.c
index f794262ee7af..76c936783461 100644
--- a/src/h2.c
+++ b/src/h2.c
@@ -49,23 +49,6 @@ struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] =	{
 	 [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
 };
 
-/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
- * 0x0D), starting at pointer <start> which must be within <ist>. Returns
- * non-zero if such a character is found, 0 otherwise. When run on unlikely
- * header match, it's recommended to first check for the presence of control
- * chars using ist_find_ctl().
- */
-static int has_forbidden_char(const struct ist ist, const char *start)
-{
-	do {
-		if ((uint8_t)*start <= 0x0d &&
-		    (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
-			return 1;
-		start++;
-	} while (start < istend(ist));
-	return 0;
-}
-
 /* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
  * <fields> indicates what was found so far. This should be called once at the
  * detection of the first general header field or at the end of the request if
@@ -353,7 +336,7 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms
 		 * rejecting NUL, CR and LF characters.
 		 */
 		ctl = ist_find_ctl(list[idx].v);
-		if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
+		if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
 			goto fail;
 
 		if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
@@ -638,7 +621,7 @@ int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *m
 		 * rejecting NUL, CR and LF characters.
 		 */
 		ctl = ist_find_ctl(list[idx].v);
-		if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
+		if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
 			goto fail;
 
 		if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
@@ -797,7 +780,7 @@ int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
 		 * rejecting NUL, CR and LF characters.
 		 */
 		ctl = ist_find_ctl(list[idx].v);
-		if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
+		if (unlikely(ctl) && http_header_has_forbidden_char(list[idx].v, ctl))
 			goto fail;
 
 		if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
-- 
2.43.0