File SQUID-2019_10.patch of Package squid.15550

ported from:

commit 671ba97abe929156dc4c717ee52ad22fba0f7443
Author: Amos Jeffries <yadij@users.noreply.github.com>
Date:   2019-09-11 02:52:52 +0000

    RFC 7230: server MUST reject messages with BWS after field-name (#445)
    
    Obey the RFC requirement to reject HTTP requests with whitespace
    between field-name and the colon delimiter. Rejection is
    critical in the presence of broken HTTP agents that mishandle
    malformed messages.
    
    Also obey requirement to always strip such whitespace from HTTP
    response messages. The relaxed parser is no longer necessary for
    this response change.
    
    For now non-HTTP protocols retain the old behaviour of removal
    only when using the relaxed parser.

Index: squid-3.5.21/src/HttpHeader.cc
===================================================================
--- squid-3.5.21.orig/src/HttpHeader.cc
+++ squid-3.5.21/src/HttpHeader.cc
@@ -681,14 +681,11 @@ HttpHeader::parse(const char *header_sta
             break;      /* terminating blank line */
         }
 
-        if ((e = HttpHeaderEntry::parse(field_start, field_end)) == NULL) {
+        if ((e = HttpHeaderEntry::parse(field_start, field_end, owner)) == NULL) {
             debugs(55, warnOnError, "WARNING: unparseable HTTP header field {" <<
                    getStringPrefix(field_start, field_end) << "}");
             debugs(55, warnOnError, " in {" << getStringPrefix(header_start, header_end) << "}");
 
-            if (Config.onoff.relaxed_header_parser)
-                continue;
-
             PROF_stop(HttpHeaderParse);
             return reset();
         }
@@ -1625,7 +1622,7 @@ HttpHeaderEntry::~HttpHeaderEntry()
 
 /* parses and inits header entry, returns true/false */
 HttpHeaderEntry *
-HttpHeaderEntry::parse(const char *field_start, const char *field_end)
+HttpHeaderEntry::parse(const char *field_start, const char *field_end, const http_hdr_owner_type msgType)
 {
     /* note: name_start == field_start */
     const char *name_end = (const char *)memchr(field_start, ':', field_end - field_start);
@@ -1642,19 +1639,42 @@ HttpHeaderEntry::parse(const char *field
 
     if (name_len > 65534) {
         /* String must be LESS THAN 64K and it adds a terminating NULL */
-        debugs(55, DBG_IMPORTANT, "WARNING: ignoring header name of " << name_len << " bytes");
+	// TODO: update this to show proper name_len in Raw markup, but not print all that
+	debugs(55, 2, "ignoring huge header field (" << Raw("field_start", field_start, 100) << "...)");
         return NULL;
     }
 
-    if (Config.onoff.relaxed_header_parser && xisspace(field_start[name_len - 1])) {
+    /*
+     * RFC 7230 section 3.2.4:
+     * "No whitespace is allowed between the header field-name and colon.
+     * ...
+     *  A server MUST reject any received request message that contains
+     *  whitespace between a header field-name and colon with a response code
+     *  of 400 (Bad Request).  A proxy MUST remove any such whitespace from a
+     *  response message before forwarding the message downstream."
+     */
+    if (xisspace(field_start[name_len - 1])) {
+
+        if (msgType == hoRequest)
+            return nullptr;
+
+        // for now, also let relaxed parser remove this BWS from any non-HTTP messages
+        const bool stripWhitespace = (msgType == hoReply) ||
+                                     Config.onoff.relaxed_header_parser;
+        if (!stripWhitespace)
+            return nullptr; // reject if we cannot strip
+
+
         debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2,
                "NOTICE: Whitespace after header name in '" << getStringPrefix(field_start, field_end) << "'");
 
         while (name_len > 0 && xisspace(field_start[name_len - 1]))
             --name_len;
 
-        if (!name_len)
+        if (!name_len) {
+            debugs(55, 2, "found header with only whitespace for name");
             return NULL;
+	}
     }
 
     /* now we know we can parse it */
@@ -1688,11 +1708,7 @@ HttpHeaderEntry::parse(const char *field
 
     if (field_end - value_start > 65534) {
         /* String must be LESS THAN 64K and it adds a terminating NULL */
-        debugs(55, DBG_IMPORTANT, "WARNING: ignoring '" << name << "' header of " << (field_end - value_start) << " bytes");
-
-        if (id == HDR_OTHER)
-            name.clean();
-
+        debugs(55, 2, "WARNING: found '" << name << "' header of " << (field_end - value_start) << " bytes");
         return NULL;
     }
 
Index: squid-3.5.21/src/HttpHeader.h
===================================================================
--- squid-3.5.21.orig/src/HttpHeader.h
+++ squid-3.5.21/src/HttpHeader.h
@@ -187,7 +187,7 @@ class HttpHeaderEntry
 public:
     HttpHeaderEntry(http_hdr_type id, const char *name, const char *value);
     ~HttpHeaderEntry();
-    static HttpHeaderEntry *parse(const char *field_start, const char *field_end);
+    static HttpHeaderEntry *parse(const char *field_start, const char *field_end, const http_hdr_owner_type msgType);
     HttpHeaderEntry *clone() const;
     void packInto(Packer *p) const;
     int getInt() const;