upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-25 02:44:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

BUG/MINOR: h2: reject response pseudo-headers from requests

Browse source 
At the moment there's only ":status". Let's block it early when parsing
the request. Otherwise it would be blocked by the HTTP/1 code anyway.
This silences another h2spec issue.

To backport to 1.8.
This commit is contained in:
Willy Tarreau 2017-12-03 20:13:54 +01:00
parent 92153fccd3
commit 520886990f
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/h2.c
View file

@ -212,6 +212,10 @@ int h2_make_h1_request(struct http_hdr *list, char *out, int osize)
*(out++) = '\n';
}
/* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
if (fields & H2_PHDR_FND_STAT)
goto fail;
/* Let's dump the request now if not yet emitted. */
if (!(fields & H2_PHDR_FND_NONE)) {
ret = h2_prepare_h1_reqline(fields, phdr_val, &out, out_end);