BUG/MEDIUM: h2: do not accept upper case letters in request header names

This is explicitly forbidden by 7540#8.1.2, and may be used to bypass
some of the other filters, so they must be blocked early. It removes
another issue reported by h2spec.

To backport to 1.8.
Willy Tarreau 2017-12-03 20:28:13 +01:00
parent fe7c356be6
commit 637f64d565


@ -133,6 +133,7 @@ int h2_make_h1_request(struct http_hdr *list, char *out, int osize)
int ck, lck; /* cookie index and last cookie index */
int phdr;
int ret;
int i;
lck = ck = -1; // no cookie for now
fields = 0;
@ -143,6 +144,11 @@ int h2_make_h1_request(struct http_hdr *list, char *out, int osize)
}
else {
/* this can be any type of header */
/* RFC7540#8.1.2: upper case not allowed in header field names */
for (i = 0; i < list[idx].n.len; i++)
if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A')
goto fail;
phdr = h2_str_to_phdr(list[idx].n);
}