From 4875e1c273bbc09b6f1755dd3d206ac5861ff895 Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Mon, 27 Apr 2015 20:01:59 +0000
Subject: [PATCH] Let the HTTP client close the connection within an incomplete
 header line.  Check that the session in relayd gets closes and it does not
 result in a file descriptor leak. Bug in relayd found by claudio@.

---
 .../relayd/args-http-headline-close.pl        | 30 ++++++++++++++++
 .../relayd/args-https-headline-close.pl       | 34 +++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 regress/usr.sbin/relayd/args-http-headline-close.pl
 create mode 100644 regress/usr.sbin/relayd/args-https-headline-close.pl

diff --git a/regress/usr.sbin/relayd/args-http-headline-close.pl b/regress/usr.sbin/relayd/args-http-headline-close.pl
new file mode 100644
index 00000000000..3e86e0c8e50
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-http-headline-close.pl
@@ -0,0 +1,30 @@
+# test http connection over http relay
+# The client writes an incomplete header line and closes the connection.
+# Check that the relay establishes and also closes the session.
+
+use strict;
+use warnings;
+
+our %args = (
+    client => {
+	func => sub {
+	    print "GET ";  # missing new line
+	},
+	nocheck => 1,
+    },
+    relayd => {
+	protocol => [ "http",
+	    "match request header log foo",
+	    "match response header log bar",
+	],
+	loggrep => {
+	    qr/session 1 .*, done/ => 1,
+	},
+    },
+    server => {
+	noserver => 1,
+	nocheck => 1,
+    },
+);
+
+1;
diff --git a/regress/usr.sbin/relayd/args-https-headline-close.pl b/regress/usr.sbin/relayd/args-https-headline-close.pl
new file mode 100644
index 00000000000..9ae14f06d3c
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-https-headline-close.pl
@@ -0,0 +1,34 @@
+# test https connection over http relay
+# The client writes an incomplete header line and closes the connection.
+# Check that the relay establishes and also closes the session.
+
+use strict;
+use warnings;
+
+our %args = (
+    client => {
+	func => sub {
+	    print "GET ";  # missing new line
+	},
+	ssl => 1,
+	nocheck => 1,
+    },
+    relayd => {
+	protocol => [ "http",
+	    "match request header log foo",
+	    "match response header log bar",
+	],
+	forwardssl => 1,
+	listenssl => 1,
+	loggrep => {
+	    qr/session 1 established/ => 1,
+	    qr/session 1 .*, done/ => 1,
+	},
+    },
+    server => {
+	noserver => 1,
+	nocheck => 1,
+    },
+);
+
+1;
-- 
2.20.1