BUG/MINOR: h3: don't insert more than one Host header

Let's make sure we drop extraneous Host headers after having compared
them. That also works when :authority was already present. This way,
like for h1 and h2, we only keep one copy of it, while still making
sure that Host matches :authority. This way, if a request has both
:authority and Host, only one Host header will be produced (from
:authority). Note that due to the different organization of the code
and wording along the evolving RFCs, here we also check that all
duplicates are identical, while h2 ignores them as per RFC7540, but
this will be re-unified later.

This should be backported to stable versions, at least 2.8, though
thanks to the existing checks the impact is probably nul.

(cherry picked from commit b84762b3e0c0e7708ddc98ae6b721ed10dc1be30)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit fd54c8ce6fb977e4591b73f677caf5743964bb45)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/h3.c b/src/h3.c
index fe06d2e..39e98b9 100644 (file)
--- a/src/h3.c
+++ b/src/h3.c
@@ -828,12 +828,20 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
                }
 
                if (isteq(list[hdr_idx].n, ist("host"))) {
+                       struct ist prev_auth = authority;
+
                        if (h3_set_authority(qcs, &authority, list[hdr_idx].v)) {
                                h3s->err = H3_ERR_MESSAGE_ERROR;
                                qcc_report_glitch(h3c->qcc, 1);
                                len = -1;
                                goto out;
                        }
+
+                       if (isttest(prev_auth)) {
+                               /* skip duplicate Host header */
+                               ++hdr_idx;
+                               continue;
+                       }
                }
                else if (isteq(list[hdr_idx].n, ist("cookie"))) {
                        http_cookie_register(list, hdr_idx, &cookie, &last_cookie);