File SQUID-2020_10.patch of Package squid.31747

from

commit 9c8e2a71aa1d3c159a319d9365c346c48dc783a5
Author: Amos Jeffries <yadij@users.noreply.github.com>
Date:   Tue Aug 4 04:34:32 2020 +0000

    Enforce token characters for field-name  (#700)
    
    RFC 7230 defines field-name as a token. Request splitting and cache
    poisoning attacks have used non-token characters to fool broken HTTP
    agents behind or in front of Squid for years. This change should
    significantly reduce that abuse.
    
    If we discover exceptional situations that need special treatment, the
    relaxed parser can allow them on a case-by-case basis (while being extra
    careful about framing-related header fields), just like we already
    tolerate some header whitespace (e.g., between the response header
    field-name and colon).



Index: squid-3.5.21/src/HttpHeader.cc
===================================================================
--- squid-3.5.21.orig/src/HttpHeader.cc
+++ squid-3.5.21/src/HttpHeader.cc
@@ -29,6 +29,7 @@
 #include "StrList.h"
 #include "TimeOrTag.h"
 #include "http/ContentLengthInterpreter.h"
+#include "base/CharacterSet.h"
 
 #include <algorithm>
 
@@ -705,17 +706,6 @@ HttpHeader::parse(const char *header_sta
             return 0;
         }
 
-        if (e->id == HDR_OTHER && stringHasWhitespace(e->name.termedBuf())) {
-            debugs(55, warnOnError, "WARNING: found whitespace in HTTP header name {" <<
-                   getStringPrefix(field_start, field_end) << "}");
-
-            if (!Config.onoff.relaxed_header_parser) {
-                delete e;
-                PROF_stop(HttpHeaderParse);
-                return reset();
-            }
-        }
-
         addEntry(e);
     }
 
@@ -1679,6 +1669,21 @@ HttpHeaderEntry::parse(const char *field
 	}
     }
 
+    /* RFC 7230 section 3.2:
+     *
+     *  header-field   = field-name ":" OWS field-value OWS
+     *  field-name     = token
+     *  token          = 1*TCHAR
+     */
+    for (const char *pos = field_start; pos < (field_start+name_len); ++pos) {
+        if (!CharacterSet::TCHAR[*pos]) {
+            debugs(55, 2, "found header with invalid characters in " <<
+                   Raw("field-name", field_start, min(name_len,100)) << "...");
+            return nullptr;
+        }
+    }
+
+
     /* now we know we can parse it */
 
     debugs(55, 9, "parsing HttpHeaderEntry: near '" <<  getStringPrefix(field_start, field_end) << "'");
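Review bot: The added loop in HttpHeaderEntry::parse never executes when `name_len` is 0, so on its own it does not enforce the `1*` in the quoted `token = 1*TCHAR` rule. An empty field-name is rejected only if code above the hunk already does so, and the function starts and ends outside this hunk, so that cannot be confirmed from here. I would record the dependency in the comment, for example `* An empty name (name_len == 0) must already be rejected above; this loop only checks the bytes present.` Separately, the rejection is logged at debug level 2, while the whitespace check this patch removes from HttpHeader::parse warned at `warnOnError`. Unless the caller reports the nullptr return (not visible here), malformed field-names no longer show up at default debug levels, which makes splitting attempts harder to spot in logs.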