receive_client_request(): Reject https URLs without CONNECT request
authorFabian Keil <fk@fabiankeil.de>
Thu, 25 Mar 2021 10:06:54 +0000 (11:06 +0100)
committerFabian Keil <fk@fabiankeil.de>
Wed, 30 Mar 2022 10:53:59 +0000 (12:53 +0200)
jcc.c

diff --git a/jcc.c b/jcc.c
index 36ac4f0..17aa039 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -1813,6 +1813,19 @@ static jb_err receive_client_request(struct client_state *csp)
       free_http_request(http);
       return JB_ERR_PARSE;
    }
+   if (http->ssl && strcmpic(http->gpc, "CONNECT"))
+   {
+      write_socket_delayed(csp->cfd, CHEADER, strlen(CHEADER),
+         get_write_delay(csp));
+      /* XXX: Use correct size */
+      log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request\" 400 0",
+         csp->ip_addr_str);
+      log_error(LOG_LEVEL_ERROR, "Client %s tried to send a https "
+         "URL without sending a CONNECT request first",
+         csp->ip_addr_str);
+      free_http_request(http);
+      return JB_ERR_PARSE;
+   }
 
    /* grab the rest of the client's headers */
    init_list(headers);
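Review bot: The access-log entry written at the new `log_error(LOG_LEVEL_CLF, ...)` call records the rejected request as a 400 with a 0-byte response, although CHEADER (strlen(CHEADER) bytes) has just been sent on csp->cfd, and the `/* XXX: Use correct size */` comment left above it concedes the value is a placeholder. Since the size is already computed for the write, the format could be `"%s - - [%T] \"Invalid request\" 400 %lu"` with `(unsigned long)strlen(CHEADER)` as the extra argument, and the XXX comment dropped; if the 0 is deliberately kept for consistency with the other 400 entries in this file, the comment should say so instead of marking it as unfinished. The result of write_socket_delayed() is discarded, which looks harmless here because the request is rejected either way, but a one-word comment such as `/* best effort; request is rejected regardless */` would make that intent explicit. Note also that strcmpic() is a case-insensitive compare while HTTP method names are case-sensitive, so a lowercase "connect" passes this guard; whether that matters depends on how the parser sets http->ssl, which is outside this hunk. receive_client_request() starts before and continues after the hunk.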