Michael DeCandia
2015-Oct-09 02:47 UTC
[syslinux] lpxelinux.0 does not set the port number in the http Host: header
Hello all, I think I may have found a bug with the way lpxelinux.0 sends http requests. Specifically when I trace the requests I notice that the Host: header does not contain the port that was used to make the request. Here's my scenario. I have a python Flask app that dynamically generates the PXE menu for kickstarts. When I request a URL the server responds with a file containing more URLs based on Flask's request.url_root. My web server is running on a non-standard port, 5550. When my generated menu file came back I noticed that all of the included URLs were lacking the port. So instead of seeing the following: LABEL rhelresc-manual MENU LABEL Red Hat Enterprise Linux 6 Rescue (HTTP - Manual) KERNEL http://foo.example.com:5550/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/vmlinuz INITRD http://foo.example.com:5550/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/initrd.img APPEND root=/dev/ram0 text rescue I received (note the missing port number on foo.example.com): LABEL rhelresc-manual MENU LABEL Red Hat Enterprise Linux 6 Rescue (HTTP - Manual) KERNEL http://foo.example.com/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/vmlinuz INITRD http://foo.example.com/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/initrd.img APPEND root=/dev/ram0 text rescue A packet trace shows the following headers when fetching http://foo.example.com:5550/autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0. GET //autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0 HTTP/1.0 Host: foo.example.com User-Agent: Syslinux/6.03 Connection: close Cookie: _Syslinux_ip=10.219.25.26%3A10.219.26.71%3A10.219.25.1%3A255.255.255.192;_Syslinux_BOOTIF=01-00-0f-53-27-22-e0;_Syslinux_SYSUUID=44454c4c-3200-105a-8043-c6c04f523232;_Syslinux_CPU=6PVTXL;_Syslinux_SYSVENDOR=Dell+Inc.;_Syslinux_SYSPRODUCT=PowerEdge+R630;_Syslinux_SYSSERIAL=F2ZCR22;_Syslinux_SYSSKU=SKU%3DNotProvided%3BModelName%3DPowerEdge+R630;_Syslinux_SYSFAMILY=PowerEdge;_Syslinux_MBVENDOR=Dell+Inc.;_Syslinux_MBPRODUCT=0CNCJW;_Syslinux_MBVERSION=A03;_Syslinux_MBSERIAL=.F2ZCR22.CN747514AN0076.;_Syslinux_BIOSVENDOR=Dell+Inc.;_Syslinux_BIOSVERSION=1.1.4;_Syslinux_SYSFF=23; The web server trusts the Host: header more than I expected. While I feel like that's a Flask/uwsgi bug (feature?) I need to deal with, lpxelinux.0 should still send the header as "Host: foo.example.com:5550". I realize that the host header is only required as part of HTTP/1.1, and this is a HTTP/1.0 request, but it would make sense to implement it as defined in the HTTP/1.1 spec or to just remove it. This was found on syslinux-6.0.3 using the official binaries. I found a couple of other bugs/bad behaviors too, but it's probably best if I post those separately. -Mike
Gene Cumm
2015-Oct-09 10:30 UTC
[syslinux] lpxelinux.0 does not set the port number in the http Host: header
On Thu, Oct 8, 2015 at 10:47 PM, Michael DeCandia via Syslinux <syslinux at zytor.com> wrote:> Hello all, > > I think I may have found a bug with the way lpxelinux.0 sends http > requests. Specifically when I trace the requests I notice that the > Host: header does not contain the port that was used to make the > request. > > Here's my scenario. I have a python Flask app that dynamically > generates the PXE menu for kickstarts. When I request a URL the > server responds with a file containing more URLs based on Flask's > request.url_root. My web server is running on a non-standard port, > 5550. When my generated menu file came back I noticed that all of the > included URLs were lacking the port. So instead of seeing the > following: > > LABEL rhelresc-manual > MENU LABEL Red Hat Enterprise Linux 6 Rescue (HTTP - Manual) > KERNEL > http://foo.example.com:5550/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/vmlinuz > INITRD > http://foo.example.com:5550/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/initrd.img > APPEND root=/dev/ram0 text rescue > > I received (note the missing port number on foo.example.com): > > LABEL rhelresc-manual > MENU LABEL Red Hat Enterprise Linux 6 Rescue (HTTP - Manual) > KERNEL > http://foo.example.com/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/vmlinuz > INITRD > http://foo.example.com/autoprov/Linux__RedHat__6Server__x86_64/vendor_media/images/pxeboot/initrd.img > APPEND root=/dev/ram0 text rescue > > > A packet trace shows the following headers when fetching > http://foo.example.com:5550/autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0. > > GET //autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0 HTTP/1.0 > Host: foo.example.com > User-Agent: Syslinux/6.03 > Connection: close > Cookie: _Syslinux_ip=10.219.25.26%3A10.219.26.71%3A10.219.25.1%3A255.255.255.192;_Syslinux_BOOTIF=01-00-0f-53-27-22-e0;_Syslinux_SYSUUID=44454c4c-3200-105a-8043-c6c04f523232;_Syslinux_CPU=6PVTXL;_Syslinux_SYSVENDOR=Dell+Inc.;_Syslinux_SYSPRODUCT=PowerEdge+R630;_Syslinux_SYSSERIAL=F2ZCR22;_Syslinux_SYSSKU=SKU%3DNotProvided%3BModelName%3DPowerEdge+R630;_Syslinux_SYSFAMILY=PowerEdge;_Syslinux_MBVENDOR=Dell+Inc.;_Syslinux_MBPRODUCT=0CNCJW;_Syslinux_MBVERSION=A03;_Syslinux_MBSERIAL=.F2ZCR22.CN747514AN0076.;_Syslinux_BIOSVENDOR=Dell+Inc.;_Syslinux_BIOSVERSION=1.1.4;_Syslinux_SYSFF=23; > > The web server trusts the Host: header more than I expected. While I > feel like that's a Flask/uwsgi bug (feature?) I need to deal with, > lpxelinux.0 should still send the header as "Host: > foo.example.com:5550". I realize that the host header is only > required as part of HTTP/1.1, and this is a HTTP/1.0 request, but it > would make sense to implement it as defined in the HTTP/1.1 spec or to > just remove it. > > This was found on syslinux-6.0.3 using the official binaries. I found > a couple of other bugs/bad behaviors too, but it's probably best if I > post those separately. > > > -Mike > > _______________________________________________ > Syslinux mailing list > Submissions to Syslinux at zytor.com > Unsubscribe or set options at: > http://www.zytor.com/mailman/listinfo/syslinux-- -Gene
Gene Cumm
2015-Oct-09 10:33 UTC
[syslinux] lpxelinux.0 does not set the port number in the http Host: header
Sorry about the empty spam On Thu, Oct 8, 2015 at 10:47 PM, Michael DeCandia via Syslinux <syslinux at zytor.com> wrote:> This was found on syslinux-6.0.3 using the official binaries. I found > a couple of other bugs/bad behaviors too, but it's probably best if I > post those separately.I'd suggest trying the latest test code first. git://github.com/geneC/syslinux.git https://github.com/geneC/syslinux.git Branch 1efipxe https://sites.google.com/site/genecsyslinux/sl604p0g18-x64.tgz?attredirects=0&d=1 https://sites.google.com/site/genecsyslinux/sl604p0g18-bios.tgz?attredirects=0&d=1 -- -Gene
Geert Stappers
2015-Oct-09 12:59 UTC
[syslinux] lpxelinux.0 does not set the port number in the http Host: header
On Fri, Oct 09, 2015 at 06:33:36AM -0400, Gene Cumm via Syslinux wrote:> On Thu, Oct 8, 2015 at 10:47 PM, Michael DeCandia via Syslinux wrote:[ ... cool stuff with dynamic content from flask ... ]> > A packet trace shows the following headers when fetching > > http://foo.example.com:5550/autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0. > > > > GET //autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0 HTTP/1.0 > > Host: foo.example.com > > User-Agent: Syslinux/6.03 > > Connection: close > > Cookie: _Syslinux_ip=10.219.25.26%3A10.219.26.71%3A10.219.25.1%3A255.255.255.192;_Syslinux_BOOTIF=01-00-0f-53-27-22-e0;_Syslinux_SYSUUID=44454c4c-3200-105a-8043-c6c04f523232;_Syslinux_CPU=6PVTXL;_Syslinux_SYSVENDOR=Dell+Inc.;_Syslinux_SYSPRODUCT=PowerEdge+R630;_Syslinux_SYSSERIAL=F2ZCR22;_Syslinux_SYSSKU=SKU%3DNotProvided%3BModelName%3DPowerEdge+R630;_Syslinux_SYSFAMILY=PowerEdge;_Syslinux_MBVENDOR=Dell+Inc.;_Syslinux_MBPRODUCT=0CNCJW;_Syslinux_MBVERSION=A03;_Syslinux_MBSERIAL=.F2ZCR22.CN747514AN0076.;_Syslinux_BIOSVENDOR=Dell+Inc.;_Syslinux_BIOSVERSION=1.1.4;_Syslinux_SYSFF=23; > > > > The web server trusts the Host: header more than I expected. While I > > feel like that's a Flask/uwsgi bug (feature?) I need to deal with, > > lpxelinux.0 should still send the header as "Host: > > foo.example.com:5550". I realize that the host header is only > > required as part of HTTP/1.1, and this is a HTTP/1.0 request, but it > > would make sense to implement it as defined in the HTTP/1.1 spec or to > > just remove it. > > > > This was found on syslinux-6.0.3 using the official binaries. I found > > a couple of other bugs/bad behaviors too, but it's probably best if I > > post those separately. > > I'd suggest trying the latest test code first. > > git://github.com/geneC/syslinux.git >When compare that with git://repo.or.cz/syslinux.git I don't see new files from http://savannah.nongnu.org/projects/lwip/ And I can't see if LWIP supports HTTP/1.1 As I understand it, is the lpxelinux.0 will get HTTP/1.1 support when: * the LWIP project has it * we, the Syslinux project, update our LWIP code Groeten Geert Stappers -- Leven en laten leven
Ady
2015-Oct-10 09:36 UTC
[syslinux] lpxelinux.0 does not set the port number in the http Host: header
> Cookie: _Syslinux_ip=10.219.25.26%3A10.219.26.71%3A10.219.25.1%3A255.255.255.192;_Syslinux_BOOTIF=01-00-0f-53-27-22-e0;_Syslinux_SYSUUID=44454c4c-3200-105a-8043-c6c04f523232;_Syslinux_CPU=6PVTXL;_Syslinux_SYSVENDOR=Dell+Inc.;_Syslinux_SYSPRODUCT=PowerEdge+R630;_Syslinux_SYSSERIAL=F2ZCR22;_Syslinux_SYSSKU=SKU%3DNotProvided%3BModelName%3DPowerEdge+R630;_Syslinux_SYSFAMILY=PowerEdge;_Syslinux_MBVENDOR=Dell+Inc.;_Syslinux_MBPRODUCT=0CNCJW;_Syslinux_MBVERSION=A03;_Syslinux_MBSERIAL=.F2ZCR22.CN747514AN0076.;_Syslinux_BIOSVENDOR=Dell+Inc.;_Syslinux_BIOSVERSION=1.1.4;_Syslinux_SYSFF=23; >I wonder whether the fact that you are talking about lpxelinux.0 (for BIOS systems) and there is a UEFI system involved (Dell PowerEdge R630) could have any effect on the observed result. This wondering of mine might be rather independent of the original "port number in http host" issue.> > This was found on syslinux-6.0.3 using the official binaries. I found > a couple of other bugs/bad behaviors too, but it's probably best if I > post those separately. >Please, share your findings.> > -Mike >Regards, Ady.
Gene Cumm
2015-Oct-10 14:02 UTC
[syslinux] lpxelinux.0 does not set the port number in the http Host: header
On Thu, Oct 8, 2015 at 10:47 PM, Michael DeCandia via Syslinux <syslinux at zytor.com> wrote:> Hello all, > > I think I may have found a bug with the way lpxelinux.0 sends http > requests. Specifically when I trace the requests I notice that the > Host: header does not contain the port that was used to make the > request.> A packet trace shows the following headers when fetching > http://foo.example.com:5550/autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0. > > GET //autoprov/tftpboot/pxelinux.cfg/01-00-0f-53-27-22-e0 HTTP/1.0 > Host: foo.example.comcore/fs/pxe/http.c line 214 is to blame. Commit ID d04e8b2 ( d04e8b2ffd982e58111e03e413136f3b7ec4b9dc ) "core/http: Append port number to Host field if needed". -- -Gene