From 531b83e039bbe369e4fe6e775e9bfa310d780da1 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 11 Oct 2019 13:34:22 +0200
Subject: [PATCH] MINOR: h1: Reject requests if the authority does not match
 the header host

As stated in the RCF7230#5.4, a client must send a field-value for the header
host that is identical to the authority if the target URI includes one. So, now,
by default, if the authority, when provided, does not match the value of the
header host, an error is triggered. To mitigate this behavior, it is possible to
set the option "accept-invalid-http-request". In that case, an http error is
captured without interrupting the request parsing.
---
 src/h1.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/h1.c b/src/h1.c
index 7e7eaa064a17..83afb14ebc5c 100644
--- a/src/h1.c
+++ b/src/h1.c
@@ -834,8 +834,20 @@ int h1_headers_to_hdr_list(char *start, const char *stop,
 					}
 				}
 				else if (isteqi(n, ist("host"))) {
-					if (host_idx == -1)
+					if (host_idx == -1) {
+						struct ist authority;
+
+						authority = http_get_authority(sl.rq.u, 1);
+						if (authority.len && !isteqi(v, authority)) {
+							if (h1m->err_pos < -1) {
+								state = H1_MSG_HDR_L2_LWS;
+								goto http_msg_invalid;
+							}
+							if (h1m->err_pos == -1) /* capture the error pointer */
+								h1m->err_pos = ptr - start + skip; /* >= 0 now */
+						}
 						host_idx = hdr_count;
+					}
 					else {
 						if (!isteqi(v, hdr[host_idx].v)) {
 							state = H1_MSG_HDR_L2_LWS;