Be stricter on final [CR]LF parsing in http1_dissect_hdrs

The end of http1_dissect_hdrs ends with skipping over the final [CR]LF that marks then end of the headers. Currently that skip is optional, that is, it is skipped if it was present. This patch adds an assert if the final [CR]LF is not found when finishing the parsing. HTTP1_Complete guarantees that it is there, if not we would not have started parsing the request or response in the first place, and if it is missing, there must be an error in the parsing leading up to it.
varnishcache · Aug 23, 2019 · 3471718 · 3471718
1 parent dd47e65
commit 3471718
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
@@ -111,6 +111,7 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
     unsigned maxhdr)
 {
 	char *q, *r, *s;
+	int i;
 
 	assert(p > htc->rxbuf_b);
 	assert(p <= htc->rxbuf_e);
@@ -200,11 +201,9 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
 			return (400);
 		}
 	}
-	/* We cannot use vct_skipcrlf() we have to respect rxbuf_e */
-	if (p+2 <= htc->rxbuf_e && p[0] == '\r' && p[1] == '\n')
-		p += 2;
-	else if (p+1 <= htc->rxbuf_e && p[0] == '\n')
-		p += 1;
+	i = vct_iscrlf(p, htc->rxbuf_e);
+	assert(i > 0);		/* HTTP1_Complete guarantees this */
+	p += i;
 	HTC_RxPipeline(htc, p);
 	htc->rxbuf_e = p;
 	return (0);