Issues in Parsing HTTP Request "Host" Header

[TUO-Wu]

Version
12717d1

Platform
Ubuntu 11.4.0-1ubuntu1~22.04

Description
Hello, I may find some bugs with the Host header where hyper parses HTTP requests.
RFC 9112 says this:

A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field line or a Host header field with an invalid field value.

This should imply that the HTTP server must reject requests with redundant Host headers or requests with missing Host headers. But in both cases, hyper did not reject.

Examples:

POST / HTTP/1.1\r\n
Host: victim1.com\r\n
Host: victim2.com\r\n
\r\n

$ echo -ne "POST / HTTP/1.1\r\nHost: victim1.com\r\nHost: victim2.com\r\n\r\n" | nc 172.18.0.9 80
HTTP/1.1 200 OK
content-length: 137
date: Wed, 19 Mar 2025 15:21:20 GMT

{"method":"UE9TVA==","version":"MS4x","uri":"Lw==","headers":[["aG9zdA==","dmljdGltMS5jb20="],["aG9zdA==","dmljdGltMi5jb20="]],"body":""}

or

POST / HTTP/1.1\r\n
Content-Length: 0\r\n
\r\n

$ echo -ne "POST / HTTP/1.1\r\nContent-Length: 0\r\n\r\n" | nc 172.18.0.9 80
HTTP/1.1 200 OK
content-length: 105
date: Wed, 19 Mar 2025 15:25:29 GMT

{"method":"UE9TVA==","version":"MS4x","uri":"Lw==","headers":[["Y29udGVudC1sZW5ndGg=","MA=="]],"body":""}

[seanmonstar]

Thanks for the report!

I'm inclined to mark this as wont-fix. Anyone using the host header to determine what to serve will need to check the value anyways, and so they can reject however they like. Anyone who isn't, doesn't care.