
[core] http_request_host_policy w/ http_parseopts

pass http_parseopts arg (instead of con) to http_request_host_policy()
personal/stbuehler/ci-build
Glenn Strauss 2 years ago
parent
commit
034d7d6734
  1. 5
      src/mod_extforward.c
  2. 6
      src/mod_openssl.c
  3. 9
      src/request.c
  4. 2
      src/request.h

5
src/mod_extforward.c

@ -930,8 +930,9 @@ static handler_t mod_extforward_Forwarded (connection *con, plugin_data *p, cons
buffer_copy_string_len(con->request.http_host, s+v, vlen-v);
}
if (0 != http_request_host_policy(con, con->request.http_host,
con->uri.scheme)) {
if (0 != http_request_host_policy(con->request.http_host,
con->uri.scheme,
con->conf.http_parseopts)) {
/*(reject invalid chars in Host)*/
log_error(con->conf.errh, __FILE__, __LINE__,
"invalid host= value in Forwarded header");
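Review bot: The `host=` value from the Forwarded header is copied into `con->request.http_host` by `buffer_copy_string_len()` before `http_request_host_policy()` checks it, so on the reject path the buffer already holds the unvalidated value. The rest of the failure branch is outside the hunk; it is worth confirming that it ends in an error return or clears the buffer, otherwise later readers of `http_host` would see the rejected value. The check also rejects nothing unless `con->conf.http_parseopts` has `HTTP_PARSEOPT_HOST_STRICT` or `HTTP_PARSEOPT_HOST_NORMALIZE` set, so the comment would be more accurate as `/*(reject invalid chars in Host, if enabled in http_parseopts)*/`.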

6
src/mod_openssl.c

@ -521,7 +521,8 @@ mod_openssl_SNI (SSL *ssl, handler_ctx *hctx, const char *servername, size_t len
#if 0
/*(con->uri.authority used below for configuration before request read;
* revisit for h2)*/
if (0 != http_request_host_policy(con, con->uri.authority, con->uri.scheme))
if (0 != http_request_host_policy(con->uri.authority, con->uri.scheme,
con->conf.http_parseopts))
return SSL_TLSEXT_ERR_ALERT_FATAL;
#endif
@ -772,7 +773,8 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx)
if (NULL != strchr(name->ptr, '/')) return rc;
if (name->ptr[0] == '.') return rc;
#if 0
if (0 != http_request_host_policy(hctx->con, name, hctx->con->uri.scheme))
if (0 != http_request_host_policy(name, hctx->con->uri.scheme,
hctx->con->conf.http_parseopts))
return rc;
#endif
buffer_append_string_buffer(b, name);
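Review bot: Both updated calls in this file sit inside `#if 0`, so the compiler never checks them against the new three-argument prototype, and the host policy stays unapplied to the SNI servername and to the acme-tls/1 name. In `mod_openssl_acme_tls_1` the name is filtered only by the visible `'/'` and leading-`'.'` checks before `buffer_append_string_buffer(b, name)`. Unlike the block in `mod_openssl_SNI`, nothing there says why the policy call is disabled. I would add a comment above the second `#if 0`, for example `/*(host policy disabled here; name is checked only for '/' and leading '.' above)*/`. Both functions start and end outside the hunks.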

9
src/request.c

@ -339,10 +339,10 @@ static int scheme_port (const buffer * const scheme)
return buffer_is_equal_string(scheme, CONST_STR_LEN("https")) ? 443 : 80;
}
int http_request_host_policy (connection * const con, buffer * const b, const buffer * const scheme) {
return (((con->conf.http_parseopts & HTTP_PARSEOPT_HOST_STRICT)
int http_request_host_policy (buffer * const b, const buffer * const scheme, const unsigned int http_parseopts) {
return (((http_parseopts & HTTP_PARSEOPT_HOST_STRICT)
&& 0 != request_check_hostname(b))
|| ((con->conf.http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE)
|| ((http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE)
&& 0 != http_request_host_normalize(b, scheme_port(scheme))));
}
@ -818,7 +818,8 @@ int http_request_parse(connection * const con, char * const hdrs, const unsigned
/* check hostname field if it is set */
if (con->request.http_host) {
if (0 != http_request_host_policy(con, con->request.http_host, con->proto))
if (0 != http_request_host_policy(con->request.http_host, con->proto,
con->conf.http_parseopts))
return http_request_header_line_invalid(con, 400, "Invalid Hostname -> 400");
}
else {
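Review bot: `http_request_host_policy()` now takes the option bits as a bare `unsigned int`, and its expression returns 0 (accept) whenever neither `HTTP_PARSEOPT_HOST_STRICT` nor `HTTP_PARSEOPT_HOST_NORMALIZE` is set. A caller that passes 0 or the wrong option word therefore silently gets no host validation, and that contract is documented neither here nor on the prototype in src/request.h. I would add a header comment above the definition stating that the return is 0 when the host is accepted or when no policy bit is set, and nonzero when it is rejected. The comment should also say that `b` is passed non-const to `http_request_host_normalize()` and so may be rewritten in place (inferred from the signature), and that the strict check short-circuits before normalization.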

2
src/request.h

@ -7,6 +7,6 @@
int http_request_parse(connection *con, char *hdrs, const unsigned short *hloffsets);
int http_request_host_normalize(buffer *b, int scheme_port);
int http_request_host_policy(connection *con, buffer *b, const buffer *scheme);
int http_request_host_policy(buffer *b, const buffer *scheme, unsigned int http_parseopts);
#endif
