[jira] [Comment Edited] (TS-1570) remap doesn't reject request whose Host has extra characters after port (like "test.com:80xxx")

Tue, 18 Nov 2014 15:42:04 -0800 

    [ 
https://issues.apache.org/jira/browse/TS-1570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14217058#comment-14217058
 ] 

Alan M. Carroll edited comment on TS-1570 at 11/18/14 11:41 PM:
----------------------------------------------------------------

Some comments on the proposed patch -

* Space after {{if}}.
* Don't use things like {{std::string}} in the main path, because it can 
allocate.

I think this is a bit cleaner for the check logic --

{code}
  MIMEParseResult ret =  mime_parser_parse(&parser->m_mime_parser, heap, 
hh->m_fields_impl, start, end, must_copy_strings, eof);
  if (ret == PARSE_DONE) ret = validate_host(line_start, version); // if we're 
done with the main parse, check HOST.
  return ret;
{code}

For validating the host field itself, you've just done the MIME parsing so you 
can get the HOST field directly. E.g.

{code}
  MIMEField* host = mime_hdr_field_find(m_fields_impl, MIME_FIELD_HOST, 
MIME_LEN_HOST);
  if (host) {
    if (host->has_dups()) {
      zret = PARSE_ERROR; // can't have more than 1 host field.
    } else {
      char const* host_val = host->value_get();
      // check host_val for bad format here. w/o using std::string.
    }
  }
{code}


was (Author: amc):
Some comments on the proposed patch -

* Space after {{if}}.
* Don't use things like {{std::string}} in the main path, because it can 
allocate.

I think this is a bit cleaner for the check logic --

{code}
  MIMEParseResult ret =  mime_parser_parse(&parser->m_mime_parser, heap, 
hh->m_fields_impl, start, end, must_copy_strings, eof);
  if (ret == PARSE_DONE) ret = validate_host(line_start, version); // if we're 
done with the main parse, check HOST.
  return ret;
{code}

For validating the host field itself, you've just done the MIME parsing so you 
can get the HOST field directly. E.g.

{code}
  MIMEField* host = mime_hdr_field_find(m_fields_impl, MIME_FIELD_HOST, 
MIME_LEN_HOST);
  if (host) {
    if (host->has_dups()) {
      zret = PARSE_ERROR; // can't have more than 1 host field.
    } else {
      char const* host_val = host->value_get();
      // check host_val for bad format here. w/o using std::string.
  }
{code}

> remap doesn't reject request whose Host has extra characters after port (like 
> "test.com:80xxx")
> -----------------------------------------------------------------------------------------------
>
>                 Key: TS-1570
>                 URL: https://issues.apache.org/jira/browse/TS-1570
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>    Affects Versions: 3.3.0
>            Reporter: Conan Wang
>            Assignee: Cynthia Gu
>            Priority: Minor
>             Fix For: 5.3.0
>
>         Attachments: patch.diff, patch.diff1
>
>
> remap.config:    map http://test.com  http://1.1.1.1
> The request with Host: 'test.com:80xxx' or 'test.com:xxx' will get passed. 
> Such host is not filtered strictly. 
> Just report, didn't have big problem for me though.
> curl http://127.0.0.1:8080/ -H "Host: test.com:80xxx"
> or curl -x 127.0.0.1:8080 http://test.com:80xxx/ -v



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to