Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header

cmb69 · cmb69 · commit d1ccb5bd0c7f · 2021-07-29T13:16:15.000+02:00
While our HTTP parser supports upgrade requests, the code using it does not. Since upgrade requests are only valid for HTTP/1.1 and we neither support any higher version, nor HTTPS yet, we do not exit early in case of such requests, i.e. we ignore them, what is allowed by the specs. We keep the supporting code in case we can meaningfully support upgrade requests in the future. Closes GH-7316.
diff --git a/NEWS b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
   . Fixed bug #72595 (php_output_handler_append illegal write access). (cmb)
   . Fixed bug #66719 (Weird behaviour when using get_called_class() with
     call_user_func()). (Nikita)
+  . Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
+    (cmb)
 
 - BCMath:
   . Fixed bug #78238 (BCMath returns "-0"). (cmb)
diff --git a/sapi/cli/php_http_parser.c b/sapi/cli/php_http_parser.c
@@ -1339,11 +1339,16 @@ size_t php_http_parser_execute (php_http_parser *parser,
           }
         }
 
+        /* We cannot meaningfully support upgrade requests, since we only
+         * support HTTP/1 for now.
+         */
+#if 0
         /* Exit, the rest of the connect is in a different protocol. */
         if (parser->upgrade) {
           CALLBACK2(message_complete);
           return (p - data);
         }
+#endif
 
         if (parser->flags & F_SKIPBODY) {
           CALLBACK2(message_complete);
diff --git a/sapi/cli/tests/bug81305.phpt b/sapi/cli/tests/bug81305.phpt
@@ -0,0 +1,36 @@
+--TEST--
+Bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header)
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+include "php_cli_server.inc";
+php_cli_server_start();
+
+$host = PHP_CLI_SERVER_HOSTNAME;
+$fp = php_cli_server_connect();
+
+if (fwrite($fp, <<<HEADER
+GET / HTTP/1.1
+Host: {$host}
+Upgrade: HTTP/2.0
+Connection: upgrade
+
+
+HEADER)) {
+	fpassthru($fp);
+}
+
+fclose($fp);
+?>
+--EXPECTF--
+HTTP/1.1 200 OK
+Host: %s
+Date: %s
+Connection: close
+X-Powered-By: PHP/%s
+Content-type: text/html; charset=UTF-8
+
+Hello world

Original file line number	Diff line number	Diff line change
`@@ -1339,11 +1339,16 @@ size_t php_http_parser_execute (php_http_parser *parser,`
`1339`	`1339`	`}`
`1340`	`1340`	`}`
`1341`	`1341`
	`1342`	`+ /* We cannot meaningfully support upgrade requests, since we only`
	`1343`	`+ * support HTTP/1 for now.`
	`1344`	`+ */`
	`1345`	`+#if 0`
`1342`	`1346`	`/* Exit, the rest of the connect is in a different protocol. */`
`1343`	`1347`	`if (parser->upgrade) {`
`1344`	`1348`	`CALLBACK2(message_complete);`
`1345`	`1349`	`return (p - data);`
`1346`	`1350`	`}`
	`1351`	`+#endif`
`1347`	`1352`
`1348`	`1353`	`if (parser->flags & F_SKIPBODY) {`
`1349`	`1354`	`CALLBACK2(message_complete);`