add support for the PROXY protocol (v1 only) (#2654)

* add support for the PROXY protocol (v1 only) * slightly simplify test * address review feedback * move PROXY protocol parsing into its own method; avoid issue with short reads The HTTP parser requires that the buffer be non-empty when it's invoked, but if the entire buffer was the PROXY protocol, we may sometimes invoke it with an empty buffer. This causes the following error: Puma::HttpParserError: Requested start is after data buffer end. The fix? Any time we consume the entire buffer for the PROXY protocol, simply return `false` to indicate that we require more data.
2022-11-09 13:48:40 -05:00 · 2021-09-07 06:21:03 -07:00 · 2021-09-07 06:21:03 -07:00 · 656f0f71da
commit 656f0f71da
parent bbe8adf258
5 changed files with 93 additions and 4 deletions
--- a/lib/puma/client.rb
+++ b/lib/puma/client.rb
@ -56,6 +56,7 @@ module Puma
      @parser = HttpParser.new
      @parsed_bytes = 0
      @read_header = true
      @read_proxy = false
      @ready = false
      @body = nil
@ -71,6 +72,7 @@ module Puma
      @peerip = nil
      @listener = nil
      @remote_addr_header = nil
      @expect_proxy_proto = false
      @body_remain = 0
@ -106,7 +108,7 @@ module Puma
    # @!attribute [r] in_data_phase
    def in_data_phase
-      !@read_header
+      !(@read_header || @read_proxy)
    end
    def set_timeout(val)
@ -121,6 +123,7 @@ module Puma
    def reset(fast_check=true)
      @parser.reset
      @read_header = true
      @read_proxy = !!@expect_proxy_proto
      @env = @proto_env.dup
      @body = nil
      @tempfile = nil
@ -131,6 +134,8 @@ module Puma
      @in_last_chunk = false
      if @buffer
        return false unless try_to_parse_proxy_protocol
        @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
        if @parser.finished?
@ -161,8 +166,32 @@ module Puma
      end
    end
    # If necessary, read the PROXY protocol from the buffer. Returns
    # false if more data is needed.
    def try_to_parse_proxy_protocol
      if @read_proxy
        if @expect_proxy_proto == :v1
          if @buffer.include? "\r\n"
            if md = PROXY_PROTOCOL_V1_REGEX.match(@buffer)
              if md[1]
                @peerip = md[1].split(" ")[0]
              end
              @buffer = md.post_match
            end
            # if the buffer has a \r\n but doesn't have a PROXY protocol
            # request, this is just HTTP from a non-PROXY client; move on
            @read_proxy = false
            return @buffer.size > 0
          else
            return false
          end
        end
      end
      true
    end
    def try_to_finish
-      return read_body unless @read_header
+      return read_body if in_data_phase
      begin
        data = @io.read_nonblock(CHUNK_SIZE)
@ -187,6 +216,8 @@ module Puma
        @buffer = data
      end
      return false unless try_to_parse_proxy_protocol
      @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
      if @parser.finished?
@ -243,6 +274,17 @@ module Puma
      @parsed_bytes == 0
    end
    def expect_proxy_proto=(val)
      if val
        if @read_header
          @read_proxy = true
        end
      else
        @read_proxy = false
      end
      @expect_proxy_proto = val
    end
    private
    def setup_body
--- a/lib/puma/const.rb
+++ b/lib/puma/const.rb
@ -247,5 +247,7 @@ module Puma
    # Banned keys of response header
    BANNED_HEADER_KEY = /\A(rack\.|status\z)/.freeze
    PROXY_PROTOCOL_V1_REGEX = /^PROXY (?:TCP4|TCP6|UNKNOWN) ([^\r]+)\r\n/.freeze
  end
 end
--- a/lib/puma/dsl.rb
+++ b/lib/puma/dsl.rb
@ -818,7 +818,7 @@ module Puma
    # a kernel syscall is required which for very fast rack handlers
    # slows down the handling significantly.
    #
-    # There are 4 possible values:
+    # There are 5 possible values:
    #
    # 1. **:socket** (the default) - read the peername from the socket using the
    #    syscall. This is the normal behavior.
@ -828,7 +828,10 @@ module Puma
    #    `set_remote_address header: "X-Real-IP"`.
    #    Only the first word (as separated by spaces or comma) is used, allowing
    #    headers such as X-Forwarded-For to be used as well.
-    # 4. **\<Any string\>** - this allows you to hardcode remote address to any value
+    # 4. **proxy_protocol: :v1**- set the remote address to the value read from the
    #    HAproxy PROXY protocol, version 1. If the request does not have the PROXY
    #    protocol attached to it, will fall back to :socket
    # 5. **\<Any string\>** - this allows you to hardcode remote address to any value
    #    you wish. Because Puma never uses this field anyway, it's format is
    #    entirely in your hands.
    #
@ -846,6 +849,13 @@ module Puma
        if hdr = val[:header]
          @options[:remote_address] = :header
          @options[:remote_address_header] = "HTTP_" + hdr.upcase.tr("-", "_")
        elsif protocol_version = val[:proxy_protocol]
          @options[:remote_address] = :proxy_protocol
          protocol_version = protocol_version.downcase.to_sym
          unless [:v1].include?(protocol_version)
            raise "Invalid value for proxy_protocol - #{protocol_version.inspect}"
          end
          @options[:remote_address_proxy_protocol] = protocol_version
        else
          raise "Invalid value for set_remote_address - #{val.inspect}"
        end
--- a/lib/puma/server.rb
+++ b/lib/puma/server.rb
@ -323,6 +323,8 @@ module Puma
          remote_addr_value = @options[:remote_address_value]
        when :header
          remote_addr_header = @options[:remote_address_header]
        when :proxy_protocol
          remote_addr_proxy_protocol = @options[:remote_address_proxy_protocol]
        end
        while @status == :run || (drain && shutting_down?)
@ -348,6 +350,8 @@ module Puma
                  client.peerip = remote_addr_value
                elsif remote_addr_header
                  client.remote_addr_header = remote_addr_header
                elsif remote_addr_proxy_protocol
                  client.expect_proxy_proto = remote_addr_proxy_protocol
                end
                pool << client
              end
--- a/test/test_puma_server.rb
+++ b/test/test_puma_server.rb
@ -2,6 +2,7 @@ require_relative "helper"
 require "puma/events"
 require "net/http"
 require "nio"
 require "ipaddr"
 class TestPumaServer < Minitest::Test
  parallelize_me! unless JRUBY_HEAD
@ -48,6 +49,21 @@ class TestPumaServer < Minitest::Test
    new_connection << req
  end
  def send_proxy_v1_http(req, remote_ip, multisend = false)
    addr = IPAddr.new(remote_ip)
    family = addr.ipv4? ? "TCP4" : "TCP6"
    target = addr.ipv4? ? "127.0.0.1" : "::1"
    conn = new_connection
    if multisend
      conn << "PROXY #{family} #{remote_ip} #{target} 10000 80\r\n"
      sleep 0.15
      conn << req
    else
      conn << ("PROXY #{family} #{remote_ip} #{target} 10000 80\r\n" + req)
    end
  end
  def new_connection
    TCPSocket.new(@host, @port).tap {|sock| @ios << sock}
  end
@ -1017,6 +1033,21 @@ EOF
    assert_match "X-header: first line\r\nX-header: second line\r\n", data
  end
  def test_proxy_protocol
    server_run(remote_address: :proxy_protocol, remote_address_proxy_protocol: :v1) do |env|
      [200, {}, [env["REMOTE_ADDR"]]]
    end
    remote_addr = send_proxy_v1_http("GET / HTTP/1.0\r\n\r\n", "1.2.3.4").read.split("\r\n").last
    assert_equal '1.2.3.4', remote_addr
    remote_addr = send_proxy_v1_http("GET / HTTP/1.0\r\n\r\n", "fd00::1").read.split("\r\n").last
    assert_equal 'fd00::1', remote_addr
    remote_addr = send_proxy_v1_http("GET / HTTP/1.0\r\n\r\n", "fd00::1", true).read.split("\r\n").last
    assert_equal 'fd00::1', remote_addr
  end
  # To comply with the Rack spec, we have to split header field values
  # containing newlines into multiple headers.
  def assert_does_not_allow_http_injection(app, opts = {})