Browse Source

[mod_extforward] shared mod_extforward_bad_request

master
Glenn Strauss 7 months ago
parent
commit
2097fe441b
  1. 44
      src/mod_extforward.c

44
src/mod_extforward.c

@ -701,6 +701,15 @@ static int buffer_backslash_unescape (buffer * const b) {
return 1;
}
__attribute_cold__
static handler_t mod_extforward_bad_request (request_st * const r, const unsigned int line, const char * const msg)
{
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
log_error(r->conf.errh, __FILE__, line, "%s", msg);
return HANDLER_FINISHED;
}
static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * const p, const buffer * const forwarded) {
/* HTTP list need not consist of param=value tokens,
* but this routine expect such for HTTP Forwarded header
@ -737,11 +746,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
i = find_next_semicolon_or_comma_or_eq(s, i);
if (i < 0) {
/*(reject IP spoofing if attacker sets improper quoted-string)*/
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"invalid quoted-string in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
if (s[i] != '=') continue;
klen = i - k;
@ -749,11 +755,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
i = find_next_semicolon_or_comma(s, i);
if (i < 0) {
/*(reject IP spoofing if attacker sets improper quoted-string)*/
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"invalid quoted-string in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
vlen = i - v; /* might be 0 */
@ -772,11 +775,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
if (j >= (int)(sizeof(offsets)/sizeof(int))-4) {
/* error processing Forwarded; too many params; fail closed */
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"Too many params in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
if (-1 == j) return HANDLER_GO_ON; /* make no changes */
@ -807,11 +807,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
++v;
do { --vlen; } while (vlen > v && s[vlen] != ']');
if (v == vlen) {
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"Invalid IPv6 addr in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
}
else if (s[v] != '_' && s[v] != '/' && s[v] != 'u') {
@ -949,11 +946,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
++v; --vlen;
buffer_copy_string_len(r->http_host, s+v, vlen-v);
if (!buffer_backslash_unescape(r->http_host)) {
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"invalid host= value in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
}
else {
@ -964,11 +958,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
r->conf.http_parseopts,
r->con->proto_default_port)) {
/*(reject invalid chars in Host)*/
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"invalid host= value in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
config_cond_cache_reset_item(r, COMP_HTTP_HOST);
@ -999,11 +990,8 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
euser = http_header_env_get(r, CONST_STR_LEN("REMOTE_USER"));
force_assert(NULL != euser);
if (!buffer_backslash_unescape(euser)) {
log_error(r->conf.errh, __FILE__, __LINE__,
return mod_extforward_bad_request(r, __LINE__,
"invalid remote_user= value in Forwarded header");
r->http_status = 400; /* Bad Request */
r->handler_module = NULL;
return HANDLER_FINISHED;
}
}
else {

Loading…
Cancel
Save