------------------------------------------------------------ revno: 13674 revision-id: squid3@treenet.co.nz-20141208081731-fsrserjh6fsdz6de parent: squid3@treenet.co.nz-20141208081300-sa46fczlmgs9jxzl committer: Amos Jeffries branch nick: 3.5 timestamp: Mon 2014-12-08 00:17:31 -0800 message: HTTP/2: handle 'PRI' method found in HTTP/1.x traffic draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI. " This method is never used by an actual client. This method will appear to be used when an HTTP/1.1 server or intermediary attempts to parse an HTTP/2 connection preface. " If seen with a non-2.0 version number it means some client or proxy has mishandled an HTTP/2.0 connection preface and corrupted the traffic. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20141208081731-fsrserjh6fsdz6de # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: d82ddf4d798beb14bfcc61d0f0ec27fc68fda7be # timestamp: 2014-12-08 08:51:02 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20141208081300-\ # sa46fczlmgs9jxzl # # Begin patch === modified file 'src/client_side.cc' --- src/client_side.cc 2014-10-07 14:11:12 +0000 +++ src/client_side.cc 2014-12-08 08:17:31 +0000 
@@ -2209,6 +2209,17 @@ return csd->abortRequestParsing("error:method-not-allowed"); } + /* draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI as HTTP/2 specific + * Deny "PRI" method if used in HTTP/1.x or 0.9 versions. + * If seen it signals a broken client or proxy has corrupted the traffic. + */ + if (hp->method() == Http::METHOD_PRI && hp->messageProtocol() < Http::ProtocolVersion(2,0)) { + debugs(33, DBG_IMPORTANT, "WARNING: PRI method received on " << csd->transferProtocol << " port " << csd->port->s.port()); + debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->method() << " " << hp->requestUri() << " " << hp->messageProtocol()); + hp->request_parse_status = Http::scMethodNotAllowed; + return csd->abortRequestParsing("error:method-not-allowed"); + } + if (*method_p == Http::METHOD_NONE) { /* XXX need a way to say "this many character length string" */ debugs(33, DBG_IMPORTANT, "clientParseRequestMethod: Unsupported method in request '" << hp->buf << "'"); === modified file 'src/http/MethodType.h' --- src/http/MethodType.h 2014-09-13 13:59:43 +0000 +++ src/http/MethodType.h 2014-12-08 08:17:31 +0000 @@ -87,6 +87,9 @@ METHOD_UNBIND, #endif + // draft-ietf-httpbis-http2-16 section 11.6 + METHOD_PRI, + // Squid extension methods METHOD_PURGE, METHOD_OTHER,
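Review bot: Both new `debugs()` calls log at `DBG_IMPORTANT`, so every request that trips this guard writes two lines to cache.log, and the second line carries the client-supplied request URI. Any client that can reach the port controls how often this fires, which makes it a cheap way to grow the log and bury other warnings. I would keep the first warning and move the per-request detail to a debug level, e.g. `debugs(33, 2, "PRI request: " << hp->method() << " " << hp->requestUri() << " " << hp->messageProtocol());`, or otherwise limit how often the warning is emitted. The guard only covers versions below 2.0, so how a `PRI` request line carrying version 2.0 is treated on this port is decided outside the hunk, as is the rest of the enclosing function.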
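Review bot: `METHOD_PRI` is inserted ahead of `METHOD_PURGE` and `METHOD_OTHER`, which shifts their numeric values, and the patch shows no matching change to whatever maps method-name strings to these enumerators. If that table is not generated from this header, either the new check in client_side.cc never matches or the later names end up off by one, so this is worth confirming before merge. The comment could also record the restriction for the next reader, e.g. `// draft-ietf-httpbis-http2-16 section 11.6; only valid in the HTTP/2 connection preface`. The enum begins and ends outside the hunk.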