haproxy/src
Christopher Faulet 3f5fbe9407 BUG/MEDIUM: h1: Improve authority validation for CONNECT request
From time to time, users complain about getting 400-Bad-request responses for
totally valid CONNECT requests. After analysis, it is because the H1 parser
performs an exact match between the authority and the host header value. For
non-CONNECT requests, it is valid. But for CONNECT requests the authority
must contain a port while it is often omitted from the host header value
(for default ports).

So, to be sure to not reject valid CONNECT requests, a basic authority
validation is now performed during the message parsing. In addition, the
host header value is normalized. It means the default port is removed if
possible.

This patch should solve the issue #1761. It must be backported to 2.6 and
probably as far as 2.4.
2022-07-07 09:35:58 +02:00
acl.c MINOR: acl: alphanumerically sort the ACL dump 2022-03-30 11:49:59 +02:00
action.c BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments 2022-04-25 15:28:21 +02:00
activity.c MINOR: thread: only use atomic ops to touch the flags 2022-07-01 19:15:14 +02:00
applet.c MINOR: applet: always use task_new_on() on applet creation 2022-07-01 19:15:14 +02:00
arg.c MINOR: arg: Be able to forbid unresolved args when building an argument list 2021-09-30 16:37:05 +02:00
auth.c BUILD: auth: include missing list.h 2021-05-08 12:29:51 +02:00
backend.c CLEANUP: stconn: replace a few remaining occurrences of CS in comments or traces 2022-05-27 19:33:35 +02:00
base64.c BUG/MINOR: base64: base64urldec() ignores padding in output size check 2021-08-25 16:14:14 +02:00
cache.c CLEANUP: applet: rename appctx_cs() to appctx_sc() 2022-05-27 19:33:35 +02:00
calltrace.c BUILD: calltrace: fix wrong include when building with TRACE=1 2022-04-19 08:23:30 +02:00
cbuf.c CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names 2022-06-23 11:49:09 +02:00
cfgcond.c MINOR: ssl: Add ssllib_name_startswith precondition 2021-10-13 11:28:08 +02:00
cfgdiag.c CLEANUP: assorted typo fixes in the code and comments 2021-04-26 10:42:58 +02:00
cfgparse-global.c MINOR: config: Add "cluster-secret" new global keyword 2022-05-12 17:48:35 +02:00
cfgparse-listen.c MINOR: config: use the new bind_parse_args_list() to parse a "bind" line 2022-05-20 18:39:43 +02:00
cfgparse-quic.c MINOR: quic: Connection TX buffer setting renaming. 2022-05-30 09:59:26 +02:00
cfgparse-ssl.c MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known 2022-05-20 18:41:55 +02:00
cfgparse-tcp.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
cfgparse-unix.c CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h 2022-04-26 10:59:48 +02:00
cfgparse.c BUG/MINOR: peers: fix possible NULL dereferences at config parsing 2022-07-06 14:40:11 +02:00
channel.c CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) 2022-05-27 19:33:34 +02:00
check.c MINOR: task: replace task_set_affinity() with task_set_thread() 2022-07-01 19:15:14 +02:00
chunk.c CLEANUP: chunks: release trash also in deinit 2022-04-27 17:55:41 +02:00
cli.c BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing 2022-06-13 14:33:30 +02:00
clock.c MINOR: clock: use ltid_bit in clock_report_idle() 2022-07-01 19:15:15 +02:00
compression.c CLEANUP: compression: move the default setting of maxzlibmem to defaults 2022-04-25 19:42:43 +02:00
connection.c MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch 2022-06-07 12:04:12 +02:00
cpuset.c BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN 2022-01-28 19:04:02 +01:00
debug.c BUILD: debug: re-export thread_dump_state 2022-07-01 21:18:03 +02:00
dgram.c REORG: dgram: rename proto_udp to dgram 2020-06-11 10:18:59 +02:00
dict.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
dns.c MINOR: thread: get rid of MAX_THREADS_MASK 2022-06-14 11:18:40 +02:00
dynbuf.c REORG: thread/sched: move the last dynamic thread_info to thread_ctx 2021-10-08 17:22:26 +02:00
eb32sctree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb32tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
eb64tree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebimtree.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
ebistree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebmbtree.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
ebpttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebsttree.c REORG: ebtree: move the include files from ebtree to include/import/ 2020-06-11 09:31:11 +02:00
ebtree.c BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks 2020-06-16 11:30:33 +02:00
errors.c CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli 2022-05-06 18:13:36 +02:00
ev_epoll.c MINOR: poller: centralize poll return handling 2022-07-01 19:15:14 +02:00
ev_evports.c MINOR: poller: centralize poll return handling 2022-07-01 19:15:14 +02:00
ev_kqueue.c MINOR: poller: centralize poll return handling 2022-07-01 19:15:14 +02:00
ev_poll.c MINOR: poller: centralize poll return handling 2022-07-01 19:15:14 +02:00
ev_select.c MINOR: poller: centralize poll return handling 2022-07-01 19:15:14 +02:00
extcheck.c MINOR: task: replace task_set_affinity() with task_set_thread() 2022-07-01 19:15:14 +02:00
fcgi-app.c MEDIUM: http-ana: Add a proxy option to restrict chars in request header names 2022-05-16 16:00:26 +02:00
fcgi.c CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes 2022-03-21 08:30:47 +01:00
fd.c MEDIUM: tasks/fd: replace sleeping_thread_mask with a TH_FL_SLEEPING flag 2022-07-01 19:15:14 +02:00
filters.c CLEANUP: tree-wide: Remove any ref to stream-interfaces 2022-04-13 15:10:16 +02:00
fix.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
flt_bwlim.c CLEANUP: bwlim: Set pointers to NULL when memory is released 2022-07-06 09:34:54 +02:00
flt_http_comp.c BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags 2022-04-15 16:22:33 +02:00
flt_spoe.c CLEANUP: applet: rename appctx_cs() to appctx_sc() 2022-05-27 19:33:35 +02:00
flt_trace.c CLEANUP: Apply ist.cocci 2021-11-08 12:08:26 +01:00
freq_ctr.c MINOR: freq_ctr: Add a function to get events excess over the current period 2022-06-22 18:33:27 +02:00
frontend.c REORG: rename cs_utils.h to sc_strm.h 2022-05-27 19:33:35 +02:00
h1.c BUG/MEDIUM: h1: Improve authority validation for CONNECT request 2022-07-07 09:35:58 +02:00
h1_htx.c BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols 2022-05-24 15:38:05 +02:00
h2.c CLEANUP: Reapply ist.cocci with --include-headers-for-types --recursive-includes 2022-03-21 08:30:47 +01:00
h3.c MEDIUM: mux-quic: refactor streams opening 2022-07-05 16:18:27 +02:00
h3_stats.c MINOR: h3: Add a statistics module for h3 2022-05-30 09:59:26 +02:00
haproxy.c CLEANUP: thread: also remove a thread's bit from stopping_threads on stop 2022-07-06 10:19:46 +02:00
hash.c REORG: include: move base64.h, errors.h and hash.h from common to haproxy/ 2020-06-11 10:18:56 +02:00
hlua.c CLEANUP: task: remove thread_mask from the struct task 2022-07-01 19:15:14 +02:00
hlua_fcn.c CLEANUP: Add missing header to hlua_fcn.c 2022-05-17 11:40:33 +02:00
hpack-dec.c BUILD/DEBUG: hpack: use unsigned int in printf format in debug code 2022-04-12 08:40:38 +02:00
hpack-enc.c CLEANUP: include: tree-wide alphabetical sort of include files 2020-06-11 10:18:59 +02:00
hpack-huff.c OPTIM: hpack: read 32 bits at once when possible. 2022-04-01 17:29:06 +02:00
hpack-tbl.c BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code 2022-04-12 08:30:08 +02:00
hq_interop.c MINOR: mux-quic/h3: adjust demuxing function return values 2022-06-07 18:15:47 +02:00
http.c MINOR: http: Add function to detect default port 2022-07-06 17:54:03 +02:00
http_acl.c CLEANUP: acl: don't reference the generic pattern deletion function anymore 2020-11-05 19:27:09 +01:00
http_act.c BUG/MINOR: http-act: Properly generate 103 responses when several rules are used 2022-07-06 09:37:43 +02:00
http_ana.c BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created 2022-06-22 17:50:54 +02:00
http_client.c MEDIUM: httpclient: Don't close CLI applet at the end of a response 2022-06-01 17:20:57 +02:00
http_conv.c BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples 2022-04-08 10:12:59 +02:00
http_fetch.c BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch 2022-06-22 17:50:54 +02:00
http_htx.c BUG/MINOR: http-htx: Fix scheme based normalization for URIs with userinfo 2022-07-06 17:54:02 +02:00
http_rules.c BUILD: http: remove the two unused constructors in rules and ana 2022-04-25 19:26:26 +02:00
htx.c BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() 2022-02-28 17:16:55 +01:00
init.c MINOR: init: add the pre-check callback 2022-04-22 15:45:47 +02:00
jwt.c BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls 2022-02-15 20:08:20 +01:00
lb_chash.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fas.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
lb_fwlc.c BUG/MEDIUM: leastconn: fix rare possibility of divide by zero 2021-09-22 07:24:02 +02:00
lb_fwrr.c CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
lb_map.c MINOR: server: replace the pendconns-related stuff with a struct queue 2021-06-22 18:43:14 +02:00
listener.c MINOR: thread: only use atomic ops to touch the flags 2022-07-01 19:15:14 +02:00
log.c BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option 2022-06-17 14:53:21 +02:00
lru.c BUILD/DEBUG: lru: fix printf format in debug code 2022-04-12 08:19:33 +02:00
mailers.c BUG/MEDIUM: mailers: Set the object type for check attached to an email alert 2022-06-08 15:28:38 +02:00
map.c CLEANUP: applet: rename appctx_cs() to appctx_sc() 2022-05-27 19:33:35 +02:00
mjson.c MINOR: sample: converter: Add mjson library. 2021-04-15 17:05:38 +02:00
mqtt.c MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 2022-03-22 09:25:52 +01:00
mux_fcgi.c BUILD: htx: use the unchecked version of htx_get_head_blk() where needed 2022-05-30 16:27:48 +02:00
mux_h1.c CLEANUP: muxes: Consider stream's sd as defined in .show_fd callback functions 2022-05-30 08:45:16 +02:00
mux_h2.c CLEANUP: h2: Typo fix in h2_unsubcribe() traces 2022-06-30 14:34:32 +02:00
mux_pt.c CLEANUP: mux-pt: rename the "endp" field to "sd" 2022-05-27 19:33:35 +02:00
mux_quic.c MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size 2022-07-05 16:44:01 +02:00
mworker-prog.c BUILD: mworker: include tools.h for platforms without unsetenv() 2022-01-28 19:04:02 +01:00
mworker.c CLEANUP: mworker: rename mworker_pipe to mworker_sockpair 2022-07-05 09:06:04 +02:00
namespace.c REORG: include: move the error reporting functions from log.h to errors.h 2020-06-11 10:18:59 +02:00
ncbuf.c MINOR: ncbuf: implement ncb_is_fragmented() 2022-07-01 15:54:23 +02:00
pattern.c CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h 2021-09-11 19:58:45 +02:00
payload.c CLEANUP: check: rename all occurrences of stconn "cs" to "sc" 2022-05-27 19:33:35 +02:00
peers.c MAJOR: task: use t->tid instead of ffsl(t->thread_mask) to take the thread ID 2022-07-01 19:15:14 +02:00
pipe.c CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec 2021-04-07 18:18:37 +02:00
pool.c REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} 2022-05-27 19:33:35 +02:00
proto_quic.c CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names 2022-06-23 11:49:09 +02:00
proto_sockpair.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_tcp.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_udp.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_uxdg.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proto_uxst.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
protocol.c MINOR: protocol: replace ctrl_type with xprt_type and clarify it 2022-05-20 18:39:43 +02:00
proxy.c MINOR: proxy: use tg->threads_enabled in hard_stop() to detect stopped threads 2022-07-04 14:09:39 +02:00
qpack-dec.c MINOR: qpack: properly handle invalid dynamic table references 2022-06-30 11:51:06 +02:00
qpack-enc.c BUG/MINOR: qpack: support bigger prefix-integer encoding 2022-05-30 14:30:05 +02:00
qpack-tbl.c CLEANUP: tree-wide: remove a few rare non-ASCII chars 2022-03-04 08:58:32 +01:00
queue.c MEDIUM: queue: revert to regular inter-task wakeups 2022-07-01 19:15:14 +02:00
quic_cc.c CLEANUP: tree-wide: remove a few rare non-ASCII chars 2022-03-04 08:58:32 +01:00
quic_cc_newreno.c CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct 2022-03-04 17:47:32 +01:00
quic_frame.c BUILD: quic+h3: 32-bit compilation errors fixes 2022-06-24 12:13:53 +02:00
quic_loss.c MINOR: quic_stats: Add transport new counters (lost, stateless reset, drop) 2022-05-30 09:59:26 +02:00
quic_sock.c MINOR: quic: Improvements for the datagrams receipt 2022-06-30 14:34:27 +02:00
quic_stats.c MINOR: quic: Add new stats counter to diagnose RX buffer overrun 2022-06-30 14:24:04 +02:00
quic_stream.c CLEANUP: quic: drop the name "conn_stream" from the pool variable names 2022-05-27 19:33:35 +02:00
quic_tls.c CLEANUP: quic: Remove any reference to boringssl 2022-06-16 15:58:48 +02:00
quic_tp.c MINOR: quic: Dump version_information transport parameter 2022-06-21 11:07:39 +02:00
raw_sock.c MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN 2022-04-25 20:32:15 +02:00
regex.c OPTIM: regex: PCRE2 use JIT match when JIT optimisation occurred. 2020-08-14 07:53:40 +02:00
resolvers.c BUG/MINOR: server: do not enable DNS resolution on disabled proxies 2022-06-10 11:17:27 +02:00
ring.c CLEANUP: applet: rename appctx_cs() to appctx_sc() 2022-05-27 19:33:35 +02:00
sample.c BUG/MEDIUM: sample: Fix adjusting size in word converter 2022-05-27 19:33:34 +02:00
server.c MINOR: server: indicate when no address was expected for a server 2022-05-31 09:25:34 +02:00
server_state.c BUILD: server-state: avoid using not-so-portable isblank() 2022-01-28 19:04:02 +01:00
session.c BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() 2022-03-11 07:25:11 +01:00
sha1.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
shctx.c MINOR: shctx: add a few BUG_ON() for consistency checks 2021-11-19 19:25:13 +01:00
signal.c CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
sink.c CLEANUP: applet: rename appctx_cs() to appctx_sc() 2022-05-27 19:33:35 +02:00
slz.c IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode 2021-12-06 09:14:20 +01:00
sock.c MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags 2022-05-02 17:47:46 +02:00
sock_inet.c CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec() 2022-04-26 10:59:48 +02:00
sock_unix.c CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec() 2022-04-26 10:59:48 +02:00
ssl_ckch.c BUG/MINOR: ssl: Do not look for key in extra files if already in pem 2022-06-22 10:45:47 +02:00
ssl_crtlist.c BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list 2022-06-20 17:27:49 +02:00
ssl_sample.c CLEANUP: check: rename all occurrences of stconn "cs" to "sc" 2022-05-27 19:33:35 +02:00
ssl_sock.c BUG/MEDIUM: ssl/fd: unexpected fd close using async engine 2022-07-01 17:41:40 +02:00
ssl_utils.c CLEANUP: Add missing header to ssl_utils.c 2022-05-17 11:40:33 +02:00
stats.c BUG/MINOR: cli/stats: add missing trailing LF after "show info json" 2022-06-10 15:12:21 +02:00
stconn.c CLEANUP: stconn: Don't expect to have no sedesc on detach 2022-06-17 13:25:02 +02:00
stick_table.c CLEANUP: applet: rename appctx_cs() to appctx_sc() 2022-05-27 19:33:35 +02:00
stream.c CLEANUP: task: remove thread_mask from the struct task 2022-07-01 19:15:14 +02:00
task.c MINOR: thread: only use atomic ops to touch the flags 2022-07-01 19:15:14 +02:00
tcp_act.c REORG: rename cs_utils.h to sc_strm.h 2022-05-27 19:33:35 +02:00
tcp_rules.c BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration 2022-06-13 08:04:10 +02:00
tcp_sample.c CLEANUP: check: rename all occurrences of stconn "cs" to "sc" 2022-05-27 19:33:35 +02:00
tcpcheck.c BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule 2022-07-06 09:35:13 +02:00
thread.c MAJOR: threads: change thread_isolate to support inter-group synchronization 2022-07-01 19:15:15 +02:00
time.c REORG: time: move time-keeping code and variables to clock.c 2021-10-08 17:22:26 +02:00
tools.c MINOR: intops: add a function to return a valid bit position from a mask 2022-06-21 20:29:57 +02:00
trace.c BUG/MINOR: trace: Test server existence for health-checks to get proxy 2022-06-08 15:28:38 +02:00
uri_auth.c CLEANUP: Compare the return value of XXXcmp() functions with zero 2021-01-04 10:09:02 +01:00
uri_normalizer.c MINOR: uri_normalizer: Add fragment-encode normalizer 2021-05-11 17:24:32 +02:00
vars.c CLEANUP: vars: move the per-process variables initialization to vars.c 2022-02-23 17:11:33 +01:00
version.c BUILD: Fix build by including haproxy/global.h 2020-06-16 23:36:04 +02:00
wdt.c MINOR: wdt: do not rely on threads_to_dump anymore 2022-07-01 19:26:35 +02:00
xprt_handshake.c CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names 2022-06-23 11:49:09 +02:00
xprt_quic.c MINOR: quic: Improvements for the datagrams receipt 2022-06-30 14:34:27 +02:00