commit e313c1bd5901b721bdfd23714c432235625a87a8 Author: Christopher Faulet Date: Mon Jan 6 13:41:01 2020 +0100 BUG/MINOR: h1: Report the right error position when a header value is invalid During H1 messages parsing, when the parser has finished to parse a full header line, some tests are performed on its value, depending on its name, to be sure it is valid. The content-length is checked and converted in integer and the host header is also checked. If an error occurred during this step, the error position must point on the header value. But from the parser point of view, we are already on the start of the next header. Thus the effective reported position in the error capture is the beginning of the unparsed header line. It is a bit confusing when we try to figure out why a message is rejected. Now, the parser state is updated to point on the invalid value. This way, the error position really points on the right position. This patch must be backported as far as 1.9. (cherry picked from commit 1703478e2dd6bd12bb03b0a0fdcc7cd4a611dafc) Signed-off-by: Christopher Faulet diff --git a/src/h1.c b/src/h1.c index 15827db56..63fbee8c0 100644 --- a/src/h1.c +++ b/src/h1.c @@ -819,6 +819,7 @@ int h1_headers_to_hdr_list(char *start, const char *stop, if (ret < 0) { state = H1_MSG_HDR_L2_LWS; + ptr = v.ptr; /* Set ptr on the error */ goto http_msg_invalid; } else if (ret == 0) { @@ -841,16 +842,18 @@ int h1_headers_to_hdr_list(char *start, const char *stop, if (authority.len && !isteqi(v, authority)) { if (h1m->err_pos < -1) { state = H1_MSG_HDR_L2_LWS; + ptr = v.ptr; /* Set ptr on the error */ goto http_msg_invalid; } if (h1m->err_pos == -1) /* capture the error pointer */ - h1m->err_pos = ptr - start + skip; /* >= 0 now */ + h1m->err_pos = v.ptr - start + skip; /* >= 0 now */ } host_idx = hdr_count; } else { if (!isteqi(v, hdr[host_idx].v)) { state = H1_MSG_HDR_L2_LWS; + ptr = v.ptr; /* Set ptr on the error */ goto http_msg_invalid; } /* if the same host, skip it */