artulab.com Git - openbsd/commit

author	reyk <reyk@openbsd.org>
	Wed, 27 Jul 2016 06:55:44 +0000 (06:55 +0000)
committer	reyk <reyk@openbsd.org>
	Wed, 27 Jul 2016 06:55:44 +0000 (06:55 +0000)
commit	c9822c566a2e2077c872b465772a179d1c6dae10
tree	d8ed04db75a3d14e6480cd1cf61d2b78fbf6fc6d	tree \| snapshot
parent	6800a44d5263efa3995c4fd613af1b8509b34766	commit \| diff

Improve parsing of the Host by following RFC 7230 Section 5.4 more strictly:

- Respond with a 400 (Bad Request) if there is more than one Host:
header to prevent ambiguities.

- Make sure that the host in the optional absolute form of
request-target (eg. GET http://www.target.com/ HTTP/1.1) matches the
Host: value. Proxies are supposed to ignore the Host: value if the
request-target exists, but relayd used to ignore the absolute
request-target form instead. In HTTP terminology, relayd is a gateway
and not a proxy, but it has to make sure that the host is validated
consistently.

OK benno@ bluhm@

regress/usr.sbin/relayd/args-http-host.pl	[new file with mode: 0644]	blob
regress/usr.sbin/relayd/args-http-host2.pl	[new file with mode: 0644]	blob
regress/usr.sbin/relayd/args-http-host3.pl	[new file with mode: 0644]	blob
regress/usr.sbin/relayd/args-http-host4.pl	[new file with mode: 0644]	blob
usr.sbin/relayd/relay_http.c		diff \| blob \| history
usr.sbin/relayd/relayd.c		diff \| blob \| history
usr.sbin/relayd/relayd.h		diff \| blob \| history