From bf18bb21ef9c269edadac549b7b7d43fdb87051c Mon Sep 17 00:00:00 2001 From: Martin Blix Grydeland Date: Thu, 15 Aug 2019 12:54:50 +0200 Subject: [PATCH] Fix HTTP header line continuation in http1_dissect_hdrs When clearing the [CR]LF in a line continuation, we would continue replacing any [CR|LF|HT|SP] characters up until the end of the buffer, possibly overwriting later [CR]LFs. Fix this by only unconditionally overwrite one [CR]LF, and then only replace [HT|SP] with SP to keep with previous behaviour. Update r00494.vtc to include multiple line continuations to make sure they are parsed. --- bin/varnishd/http1/cache_http1_proto.c | 4 +++- bin/varnishtest/tests/r00494.vtc | 11 +++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c index e5203a94ec..e373d7d5d5 100644 --- a/bin/varnishd/http1/cache_http1_proto.c +++ b/bin/varnishd/http1/cache_http1_proto.c @@ -146,7 +146,9 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc, break; /* Clear line continuation LWS to spaces */ - while (q < htc->rxbuf_e && vct_islws(*q)) + while (q < r) + *q++ = ' '; + while (q < htc->rxbuf_e && vct_issp(*q)) *q++ = ' '; } diff --git a/bin/varnishtest/tests/r00494.vtc b/bin/varnishtest/tests/r00494.vtc index cb0bbe8d7b..e0db8a4bf8 100644 --- a/bin/varnishtest/tests/r00494.vtc +++ b/bin/varnishtest/tests/r00494.vtc @@ -6,6 +6,11 @@ server s1 { rxreq txresp -hdr {Foo: bar, barf: fail} -body "xxx" + + rxreq + txresp -hdr {Foo: bar, + + barf: fail} -body "xxx" } -start varnish v1 -vcl+backend { @@ -21,4 +26,10 @@ client c1 { expect resp.http.bar == "bar, barf: fail" expect resp.http.barf == expect resp.http.foo == + + txreq -url /2 + rxresp + expect resp.http.bar == "bar, barf: fail" + expect resp.http.barf == + expect resp.http.foo == } -run