Fix invalid matching in case of TCP segmentation

Function `tfw_http_search_host_forwarded` worked incorrectly with TCP segmentation. We can't compare chunk by chunk with "host=", because "host=" can be separated between several chunks.
tempesta-tech · May 19, 2023 · f975347 · f975347
1 parent 40936d4
commit f975347
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/fw/http_match.c b/fw/http_match.c
@@ -963,6 +963,9 @@ tfw_http_search_host_forwarded(const TfwStr *hdr, TfwStr *host_val)
 {
 	TfwStr *chunk, *end;
 	char stop = ';';
+	char *host[] = {"host=", "ost=", "st=", "t=", "="};
+	unsigned pos = 0;
+	unsigned len;
 
 	if (TFW_STR_EMPTY(hdr))
 		return false;
@@ -972,16 +975,25 @@ tfw_http_search_host_forwarded(const TfwStr *hdr, TfwStr *host_val)
 		if (!(chunk->flags & TFW_STR_NAME))
 			continue;
 
-		if (tfw_str_eq_cstr(chunk, "host=", 5, TFW_HTTP_MATCH_O_EQ)) {
-			++chunk;
-			if (!(chunk->flags & TFW_STR_VALUE)) {
-			/* Skip quote and collect until next quote */
+		BUG_ON(pos >= ARRAY_SIZE(host));
+		len = min(chunk->len, ARRAY_SIZE(host) - pos);
+
+		if (tfw_str_eq_cstr(chunk, host[pos], len, TFW_HTTP_MATCH_O_EQ)) {
+			pos += len;
+			if (pos == ARRAY_SIZE(host)) {
 				++chunk;
-				stop = '"';
-			}
-			tfw_str_collect_cmp(chunk, end, host_val, &stop);
+				if (!(chunk->flags & TFW_STR_VALUE)) {
+				/* Skip quote and collect until next quote */
+					++chunk;
+					stop = '"';
+				}
+				tfw_str_collect_cmp(chunk, end, host_val, &stop);
 
-			return true;
+				return true;
+			} else if (pos > ARRAY_SIZE(host))
+				pos = 0;
+		} else {
+			pos = 0;
 		}
 	}