From 1dd58c5ad802ebca61e399d3b8846111de2e7ed8 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 8 Dec 2019 18:11:15 -0500 Subject: [PATCH] [multiple] con->proto_default_port --- src/base.h | 2 +- src/connections.c | 6 ++---- src/mod_extforward.c | 8 +++++--- src/mod_openssl.c | 9 ++++----- src/request.c | 15 +++++---------- src/request.h | 2 +- src/response.c | 5 ++++- src/t/test_request.c | 5 ++--- 8 files changed, 24 insertions(+), 28 deletions(-) diff --git a/src/base.h b/src/base.h index ead4298d..179a3ed2 100644 --- a/src/base.h +++ b/src/base.h @@ -224,8 +224,8 @@ struct connection { void *config_data_base; const buffer *server_name; - buffer *proto; buffer *server_name_buf; + uint16_t proto_default_port; /* error-handler */ int error_handler_saved_status; diff --git a/src/connections.c b/src/connections.c index b842c434..95cb8aef 100644 --- a/src/connections.c +++ b/src/connections.c @@ -561,7 +561,6 @@ static connection *connection_init(server *srv) { CLEAN(physical.etag); CLEAN(server_name_buf); - CLEAN(proto); CLEAN(dst_addr_buf); #undef CLEAN @@ -627,7 +626,6 @@ void connections_free(server *srv) { CLEAN(physical.rel_path); CLEAN(server_name_buf); - CLEAN(proto); CLEAN(dst_addr_buf); #undef CLEAN free(con->plugin_ctx); @@ -671,9 +669,9 @@ static int connection_reset(connection *con) { #undef CLEAN buffer_clear(con->uri.scheme); - /*buffer_clear(con->proto);*//* set to default in connection_accepted() */ /*buffer_clear(con->uri.authority);*/ /*buffer_clear(con->server_name_buf);*//* reset when used */ + /*con->proto_default_port = 80;*//*set to default in connection_accepted()*/ con->request.http_host = NULL; con->request.content_length = 0; 
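Review bot: The new `uint16_t proto_default_port` member in the `struct connection` hunk of src/base.h has no comment, although it replaces the scheme string that `buffer *proto` used to hold. Every writer in this patch stores only 80 or 443, and src/response.c maps the value back to a scheme by comparing it with 443, so that contract belongs at the declaration, for example `uint16_t proto_default_port; /* connection-level scheme: 80 = "http", 443 = "https" */`. The commented-out reset added in the connection_reset hunk shows the value is meant to persist across requests on one connection, which the same comment should say. The struct continues outside the hunk.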
@@ -1118,12 +1116,12 @@ connection *connection_accepted(server *srv, server_socket *srv_socket, sock_add buffer_copy_string(con->dst_addr_buf, inet_ntop_cache_get_ip(srv, &(con->dst_addr))); con->srv_socket = srv_socket; con->is_ssl_sock = srv_socket->is_ssl; + con->proto_default_port = 80; /* "http" */ config_cond_cache_reset(con); con->conditional_is_valid |= (1 << COMP_SERVER_SOCKET) | (1 << COMP_HTTP_REMOTE_IP); - buffer_copy_string_len(con->proto, CONST_STR_LEN("http")); if (HANDLER_GO_ON != plugins_call_handle_connection_accept(con)) { connection_reset(con); connection_close(con); diff --git a/src/mod_extforward.c b/src/mod_extforward.c index c7ebf1a6..7e301d87 100644 --- a/src/mod_extforward.c +++ b/src/mod_extforward.c @@ -930,9 +930,11 @@ static handler_t mod_extforward_Forwarded (connection *con, plugin_data *p, cons buffer_copy_string_len(con->request.http_host, s+v, vlen-v); } + int scheme_port = + buffer_eq_slen(con->uri.scheme,CONST_STR_LEN("https")) ? 443 : 80; if (0 != http_request_host_policy(con->request.http_host, - con->uri.scheme, - con->conf.http_parseopts)) { + con->conf.http_parseopts, + scheme_port)) { /*(reject invalid chars in Host)*/ log_error(con->conf.errh, __FILE__, __LINE__, "invalid host= value in Forwarded header"); @@ -1581,7 +1583,7 @@ static int mod_extforward_hap_PROXY_v2 (connection * const con, (struct pp2_tlv_ssl *)(void *)((char *)tlv+3); struct pp2_tlv *subtlv = tlv; if (tlv_ssl->client & PP2_CLIENT_SSL) { - buffer_copy_string_len(con->proto, CONST_STR_LEN("https")); + con->proto_default_port = 443; /* "https" */ } if ((tlv_ssl->client & (PP2_CLIENT_CERT_CONN|PP2_CLIENT_CERT_SESS)) && 0 == memcmp(&tlv_ssl->verify, &zero, 4)) { /* misaligned */ diff --git a/src/mod_openssl.c b/src/mod_openssl.c index c3643377..48b6a0e0 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c 
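Review bot: In the mod_extforward_Forwarded hunk the `"https"` to 443 mapping is now open-coded at the call site, while src/response.c carries the reverse 443 to `"https"` mapping, so the two can drift apart. The static helper this patch removes from src/request.c kept that knowledge in one place. The comparison is an exact byte match, so a scheme stored in any other letter case would be validated against port 80. Whether `con->uri.scheme` is always lowercased before this point is not visible in the hunk and should be confirmed, because the host= value under validation comes from a request header. A short comment should also say why the request-level `con->uri.scheme` is consulted here rather than `con->proto_default_port`, which http_request_parse uses for the same check; the function body continues outside the hunk.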
@@ -521,8 +521,8 @@ mod_openssl_SNI (SSL *ssl, handler_ctx *hctx, const char *servername, size_t len #if 0 /*(con->uri.authority used below for configuration before request read; * revisit for h2)*/ - if (0 != http_request_host_policy(con->uri.authority, con->uri.scheme, - con->conf.http_parseopts)) + if (0 != http_request_host_policy(con->uri.authority, + con->conf.http_parseopts, 443)) return SSL_TLSEXT_ERR_ALERT_FATAL; #endif @@ -773,8 +773,7 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx) if (NULL != strchr(name->ptr, '/')) return rc; if (name->ptr[0] == '.') return rc; #if 0 - if (0 != http_request_host_policy(name, hctx->con->uri.scheme, - hctx->con->conf.http_parseopts)) + if (0 != http_request_host_policy(name,hctx->con->conf.http_parseopts,443)) return rc; #endif buffer_append_string_buffer(b, name); @@ -2045,7 +2044,7 @@ CONNECTION_FUNC(mod_openssl_handle_con_accept) SSL_set_accept_state(hctx->ssl); con->network_read = connection_read_cq_ssl; con->network_write = connection_write_cq_ssl; - buffer_copy_string_len(con->proto, CONST_STR_LEN("https")); + con->proto_default_port = 443; /* "https" */ mod_openssl_patch_config(con, &hctx->conf); return HANDLER_GO_ON; } diff --git a/src/request.c b/src/request.c index d6c1c6a2..7058f749 100644 --- a/src/request.c +++ b/src/request.c 
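Review bot: Both `http_request_host_policy` calls edited in the mod_openssl_SNI and mod_openssl_acme_tls_1 hunks sit inside `#if 0`, so the compiler never checks the rewritten argument lists, and the host policy check on the client-supplied server name stays disabled. In the acme hunk the only validation of `name` visible before `buffer_append_string_buffer(b, name)` is the `'/'` and leading `'.'` test. Either drop the dead blocks or mark each with the condition for enabling it, for example `/* disabled: <reason>; name is limited only by the '/' and leading '.' checks above */`. Both functions continue outside their hunks.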
@@ -333,17 +333,11 @@ int http_request_host_normalize(buffer * const b, const int scheme_port) { return 0; } -__attribute_pure__ -static int scheme_port (const buffer * const scheme) -{ - return buffer_is_equal_string(scheme, CONST_STR_LEN("https")) ? 443 : 80; -} - -int http_request_host_policy (buffer * const b, const buffer * const scheme, const unsigned int http_parseopts) { +int http_request_host_policy (buffer * const b, const unsigned int http_parseopts, const int scheme_port) { return (((http_parseopts & HTTP_PARSEOPT_HOST_STRICT) && 0 != request_check_hostname(b)) || ((http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE) - && 0 != http_request_host_normalize(b, scheme_port(scheme)))); + && 0 != http_request_host_normalize(b, scheme_port))); } __attribute_pure__ /*(could be even more strict and use __attribute_const__)*/ @@ -818,8 +812,9 @@ int http_request_parse(connection * const con, char * const hdrs, const unsigned /* check hostname field if it is set */ if (con->request.http_host) { - if (0 != http_request_host_policy(con->request.http_host, con->proto, - con->conf.http_parseopts)) + if (0 != http_request_host_policy(con->request.http_host, + con->conf.http_parseopts, + con->proto_default_port)) return http_request_header_line_invalid(con, 400, "Invalid Hostname -> 400"); } else { diff --git a/src/request.h b/src/request.h index 1d896027..e63a7285 100644 --- a/src/request.h +++ b/src/request.h @@ -7,6 +7,6 @@ int http_request_parse(connection *con, char *hdrs, const unsigned short *hloffsets); int http_request_host_normalize(buffer *b, int scheme_port); -int http_request_host_policy(buffer *b, const buffer *scheme, unsigned int http_parseopts); +int http_request_host_policy(buffer *b, unsigned int http_parseopts, int scheme_port); #endif diff --git a/src/response.c b/src/response.c index 1770c5d8..a18af5b7 100644 --- a/src/response.c +++ b/src/response.c 
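Review bot: After the reorder in the first src/request.c hunk, `http_request_host_policy` takes two adjacent integer parameters (`unsigned int http_parseopts`, `int scheme_port`), so a call that passes them swapped compiles without a diagnostic, whereas the old signature had a pointer in the middle position. The prototype in the src/request.h hunk carries no comment, leaving the parameter name as the only hint. Add one at the declaration, for example `/* scheme_port: default port of the scheme in use (80 or 443), passed to http_request_host_normalize() */`. The http_request_parse call site in the second src/request.c hunk follows the new order correctly.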
@@ -355,7 +355,10 @@ handler_t http_response_prepare(connection *con) { /* take initial scheme value from connection-level state * (request con->uri.scheme can be overwritten for later, * for example by mod_extforward or mod_magnet) */ - buffer_copy_buffer(con->uri.scheme, con->proto); + if (con->proto_default_port == 443) + buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("https")); + else + buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("http")); buffer_copy_buffer(con->uri.authority, con->request.http_host); buffer_to_lower(con->uri.authority); diff --git a/src/t/test_request.c b/src/t/test_request.c index 0b7e6996..9846200d 100644 --- a/src/t/test_request.c +++ b/src/t/test_request.c @@ -20,7 +20,7 @@ static void test_request_connection_reset(connection *con) con->request.content_length = 0; con->header_len = 0; con->http_status = 0; - buffer_reset(con->proto); + con->proto_default_port = 80; buffer_reset(con->request.request); buffer_reset(con->request.orig_uri); buffer_reset(con->request.uri); @@ -586,7 +586,7 @@ int main (void) memset(&con, 0, sizeof(connection)); con.srv = &srv; - con.proto = buffer_init(); + con.proto_default_port = 80; con.request.request = buffer_init(); con.request.orig_uri = buffer_init(); con.request.uri = buffer_init(); @@ -598,7 +598,6 @@ int main (void) test_request_http_request_parse(&con); - buffer_free(con.proto); buffer_free(con.request.request); buffer_free(con.request.orig_uri); buffer_free(con.request.uri);
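Review bot: In the http_response_prepare hunk every value of `con->proto_default_port` other than 443 falls through to `"http"`, so a later writer that stored some other port for a TLS connection in this `uint16_t` field would get its requests labelled with the plain-text scheme. Nothing in this patch does that, but the existing comment just above describes this assignment as the initial scheme value that later code may overwrite and build on, so a wrong label would propagate. State the invariant at the branch, for example `/* proto_default_port is 443 only for "https"; any other value means "http" */`. The function continues outside the hunk.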