Hello, I may have found some bugs with the Host header where waitress parses HTTP requests.
RFC 9112 says this:
> A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field line or a Host header field with an invalid field value.
This should imply that the HTTP server must reject requests with redundant Host headers or requests with missing Host headers. But in both cases, waitress did not reject the request.
Examples:
```
POST / HTTP/1.1\r\n
Host: victim1.com\r\n
Host: victim2.com\r\n
\r\n
```

```
$ echo -ne "POST / HTTP/1.1\r\nHost: victim1.com\r\nHost: victim2.com\r\n\r\n" | nc 172.18.0.6 80
HTTP/1.1 200 OK
Content-Length: 129
Content-Type: application/json
Date: Wed, 19 Mar 2025 15:29:06 GMT
Server: waitress

{"headers":[["SE9TVA==","dmljdGltMS5jb20sIHZpY3RpbTIuY29t"]],"body":"","version":"SFRUUC8xLjE=","uri":"Lw==","method":"UE9TVA=="}
```
or
```
POST / HTTP/1.1\r\n
Content-Length: 0\r\n
\r\n
```

```
$ echo -ne "POST / HTTP/1.1\r\nContent-Length: 0\r\n\r\n" | nc 172.18.0.6 80
HTTP/1.1 200 OK
Content-Length: 113
Content-Type: application/json
Date: Wed, 19 Mar 2025 15:29:31 GMT
Server: waitress

{"headers":[["Q09OVEVOVF9MRU5HVEg=","MA=="]],"body":"","version":"SFRUUC8xLjE=","uri":"Lw==","method":"UE9TVA=="}
```
The version I tested: fc592e8
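
The Host rule quoted from RFC 9112 above, written out as a check over a raw header section. This is an added example, not part of the original report and not waitress code; `check_host`, `HOST_VALUE` and the `VALID` and `FOLDED` requests are constructed here, and the value pattern is deliberately stricter than the RFC grammar.

```python
import re

# Deliberately strict Host syntax: hostname/IPv4 or bracketed IPv6, optional port.
# Narrower than the RFC's uri-host grammar (an assumption of this example).
HOST_VALUE = re.compile(rb"(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]+)?")


def check_host(raw: bytes) -> tuple[int, str]:
    """Return (status, reason) for the header section of one raw request."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400, "incomplete header section"
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3:
        return 400, "malformed request line"
    version = request_line[2]
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return 400, "malformed header line"
        if name.lower() == b"host":  # field names are case-insensitive
            hosts.append(value.strip(b" \t"))
    # Count field lines before any merging: two lines are an error even if equal.
    if len(hosts) > 1:
        return 400, "more than one Host header field line"
    if not hosts:
        if version == b"HTTP/1.1":
            return 400, "HTTP/1.1 request lacks Host"
        return 200, "no Host, not HTTP/1.1"
    if not HOST_VALUE.fullmatch(hosts[0]):
        return 400, "invalid Host field value"
    return 200, "ok"


# The two requests from the report, plus two constructed cases.
DUPLICATE = b"POST / HTTP/1.1\r\nHost: victim1.com\r\nHost: victim2.com\r\n\r\n"
MISSING = b"POST / HTTP/1.1\r\nContent-Length: 0\r\n\r\n"
VALID = b"POST / HTTP/1.1\r\nHost: example.test:8080\r\nContent-Length: 0\r\n\r\n"
FOLDED = b"POST / HTTP/1.1\r\nHost: victim1.com, victim2.com\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("duplicate", DUPLICATE), ("missing", MISSING),
                       ("valid", VALID), ("folded", FOLDED)]:
        print(label, *check_host(req))
```

The `FOLDED` case covers a single Host line that already carries a comma-joined value, which the value check rejects as an invalid field value.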