[
https://issues.apache.org/jira/browse/TS-1570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14218007#comment-14218007
]
Alan M. Carroll commented on TS-1570:
-------------------------------------
Susan notes this line
{code}
std::string s(line_start);
{code}
is much worse than I thought because there is no guarantee {{line_start}} is
null terminated. This is a very important thing to keep in mind at all times
when working with the headers. She also noted that http_parser_parse_req is a
restartable parser and {{line_start}} is a local variable so its state is not
preserved across calls. If the header comes through in pieces and the {{HOST}}
field was in a previous chunk, this will incorrectly decide there was no
{{HOST}} field.
I will note that the original patch does bong 1.1 requests that are missing a
{{HOST}} field, I will leave that to Leif and Cynthia to hash out.
> remap doesn't reject request whose Host has extra characters after port (like
> "test.com:80xxx")
> -----------------------------------------------------------------------------------------------
>
> Key: TS-1570
> URL: https://issues.apache.org/jira/browse/TS-1570
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 3.3.0
> Reporter: Conan Wang
> Assignee: Cynthia Gu
> Priority: Minor
> Fix For: 5.3.0
>
> Attachments: patch.diff, patch.diff1
>
>
> remap.config: map http://test.com http://1.1.1.1
> The request with Host: 'test.com:80xxx' or 'test.com:xxx' will get passed.
> Such host is not filtered strictly.
> Just report, didn't have big problem for me though.
> curl http://127.0.0.1:8080/ -H "Host: test.com:80xxx"
> or curl -x 127.0.0.1:8080 http://test.com:80xxx/ -v
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
