From 034d7d6734f92e8bcb5ecb64d03aa7c937a305bd Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Sun, 8 Dec 2019 08:47:42 -0500
Subject: [PATCH] [core] http_request_host_policy w/ http_parseopts pass http_parseopts arg (instead of con) to http_request_host_policy()
---
 src/mod_extforward.c | 5 +++--
 src/mod_openssl.c | 6 ++++--
 src/request.c | 9 +++++----
 src/request.h | 2 +-
 4 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/mod_extforward.c b/src/mod_extforward.c
index d9d25ae9..c7ebf1a6 100644
--- a/src/mod_extforward.c
+++ b/src/mod_extforward.c
@@ -930,8 +930,9 @@ static handler_t mod_extforward_Forwarded (connection *con, plugin_data *p, cons
 buffer_copy_string_len(con->request.http_host, s+v, vlen-v);
 }
- if (0 != http_request_host_policy(con, con->request.http_host,
- con->uri.scheme)) {
+ if (0 != http_request_host_policy(con->request.http_host,
+ con->uri.scheme,
+ con->conf.http_parseopts)) {
 /*(reject invalid chars in Host)*/
 log_error(con->conf.errh, __FILE__, __LINE__, "invalid host= value in Forwarded header");
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index af587a6d..c3643377 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -521,7 +521,8 @@ mod_openssl_SNI (SSL *ssl, handler_ctx *hctx, const char *servername, size_t len
 #if 0
 /*(con->uri.authority used below for configuration before request read;
 * revisit for h2)*/
- if (0 != http_request_host_policy(con, con->uri.authority, con->uri.scheme))
+ if (0 != http_request_host_policy(con->uri.authority, con->uri.scheme,
+ con->conf.http_parseopts))
 return SSL_TLSEXT_ERR_ALERT_FATAL;
 #endif
@@ -772,7 +773,8 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx)
 if (NULL != strchr(name->ptr, '/')) return rc;
 if (name->ptr[0] == '.') return rc;
 #if 0
- if (0 != http_request_host_policy(hctx->con, name, hctx->con->uri.scheme))
+ if (0 != http_request_host_policy(name, hctx->con->uri.scheme,
+ hctx->con->conf.http_parseopts))
 return rc;
 #endif
 buffer_append_string_buffer(b, name);
diff --git a/src/request.c b/src/request.c
index e35694a6..d6c1c6a2 100644
--- a/src/request.c
+++ b/src/request.c
@@ -339,10 +339,10 @@ static int scheme_port (const buffer * const scheme)
 return buffer_is_equal_string(scheme, CONST_STR_LEN("https")) ? 443 : 80;
 }
-int http_request_host_policy (connection * const con, buffer * const b, const buffer * const scheme) {
- return (((con->conf.http_parseopts & HTTP_PARSEOPT_HOST_STRICT)
+int http_request_host_policy (buffer * const b, const buffer * const scheme, const unsigned int http_parseopts) {
+ return (((http_parseopts & HTTP_PARSEOPT_HOST_STRICT)
 && 0 != request_check_hostname(b))
- || ((con->conf.http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE)
+ || ((http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE)
 && 0 != http_request_host_normalize(b, scheme_port(scheme))));
 }
@@ -818,7 +818,8 @@ int http_request_parse(connection * const con, char * const hdrs, const unsigned
 /* check hostname field if it is set */
 if (con->request.http_host) {
- if (0 != http_request_host_policy(con, con->request.http_host, con->proto))
+ if (0 != http_request_host_policy(con->request.http_host, con->proto,
+ con->conf.http_parseopts))
 return http_request_header_line_invalid(con, 400, "Invalid Hostname -> 400");
 } else {
diff --git a/src/request.h b/src/request.h
index 84503d9e..1d896027 100644
--- a/src/request.h
+++ b/src/request.h
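Review bot: In mod_openssl_acme_tls_1() the host-policy call stays under `#if 0` with no comment saying why, so of the checks visible in this hunk only the `'/'` and leading-`'.'` tests stand between `name` and `buffer_append_string_buffer(b, name)`. The mod_openssl_SNI() hunk has the same disabled call but at least records a reason; because neither block is compiled, the new argument order at these two sites is also not checked by the build. I would add a line above this `#if 0`, e.g. `/*(host policy not applied to name here; only '/' and a leading '.' are rejected above)*/`, or enable the check if the reason it was disabled no longer holds now that the function does not take `con`. Whether enabling it is safe depends on code outside the hunk, since the function starts and ends beyond it.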
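Review bot: http_request_host_policy() in src/request.c returns 0 without running any check when `http_parseopts` has neither HTTP_PARSEOPT_HOST_STRICT nor HTTP_PARSEOPT_HOST_NORMALIZE set, and with the new signature that flags word is whatever the caller passes rather than being read from `con->conf` inside the function. Neither the definition nor the prototype in src/request.h documents this, so a future caller passing 0 would skip Host validation silently. I would put the contract above the definition: `/* returns 0 if b passes the checks selected by http_parseopts, non-zero to reject; no check is made when neither HOST_STRICT nor HOST_NORMALIZE is set */`. It may also be worth noting that `b` can be rewritten by normalization, which I infer only from http_request_host_normalize() taking a non-const buffer.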
@@ -7,6 +7,6 @@
 int http_request_parse(connection *con, char *hdrs, const unsigned short *hloffsets);
 int http_request_host_normalize(buffer *b, int scheme_port);
-int http_request_host_policy(connection *con, buffer *b, const buffer *scheme);
+int http_request_host_policy(buffer *b, const buffer *scheme, unsigned int http_parseopts);
 #endif