[
https://issues.apache.org/jira/browse/TS-1570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14217058#comment-14217058
]
Alan M. Carroll edited comment on TS-1570 at 11/18/14 11:41 PM:
----------------------------------------------------------------
Some comments on the proposed patch -
* Space after {{if}}.
* Don't use things like {{std::string}} in the main path, because it can
allocate.
I think this is a bit cleaner for the check logic --
{code}
MIMEParseResult ret = mime_parser_parse(&parser->m_mime_parser, heap,
hh->m_fields_impl, start, end, must_copy_strings, eof);
if (ret == PARSE_DONE) ret = validate_host(line_start, version); // if we're
done with the main parse, check HOST.
return ret;
{code}
For validating the host field itself, you've just done the MIME parsing so you
can get the HOST field directly. E.g.
{code}
MIMEField* host = mime_hdr_field_find(m_fields_impl, MIME_FIELD_HOST,
MIME_LEN_HOST);
if (host) {
if (host->has_dups()) {
zret = PARSE_ERROR; // can't have more than 1 host field.
} else {
char const* host_val = host->value_get();
// check host_val for bad format here. w/o using std::string.
}
}
{code}
was (Author: amc):
Some comments on the proposed patch -
* Space after {{if}}.
* Don't use things like {{std::string}} in the main path, because it can
allocate.
I think this is a bit cleaner for the check logic --
{code}
MIMEParseResult ret = mime_parser_parse(&parser->m_mime_parser, heap,
hh->m_fields_impl, start, end, must_copy_strings, eof);
if (ret == PARSE_DONE) ret = validate_host(line_start, version); // if we're
done with the main parse, check HOST.
return ret;
{code}
For validating the host field itself, you've just done the MIME parsing so you
can get the HOST field directly. E.g.
{code}
MIMEField* host = mime_hdr_field_find(m_fields_impl, MIME_FIELD_HOST,
MIME_LEN_HOST);
if (host) {
if (host->has_dups()) {
zret = PARSE_ERROR; // can't have more than 1 host field.
} else {
char const* host_val = host->value_get();
// check host_val for bad format here. w/o using std::string.
}
{code}
> remap doesn't reject request whose Host has extra characters after port (like
> "test.com:80xxx")
> -----------------------------------------------------------------------------------------------
>
> Key: TS-1570
> URL: https://issues.apache.org/jira/browse/TS-1570
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 3.3.0
> Reporter: Conan Wang
> Assignee: Cynthia Gu
> Priority: Minor
> Fix For: 5.3.0
>
> Attachments: patch.diff, patch.diff1
>
>
> remap.config: map http://test.com http://1.1.1.1
> The request with Host: 'test.com:80xxx' or 'test.com:xxx' will get passed.
> Such host is not filtered strictly.
> Just report, didn't have big problem for me though.
> curl http://127.0.0.1:8080/ -H "Host: test.com:80xxx"
> or curl -x 127.0.0.1:8080 http://test.com:80xxx/ -v
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
