[6.0] e9edf57bb h2: Improve pseudo-header handling
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Thu Apr 4 14:33:09 UTC 2024
commit e9edf57bb0349dfbfa6d311ebb0e8cab15cc2a7d
Author: Dag Haavi Finstad <daghf at varnish-software.com>
Date: Fri Mar 10 19:59:43 2023 +0100
h2: Improve pseudo-header handling
diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index e12562523..055cb3e33 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -134,6 +134,15 @@ h2h_addhdr(struct h2h_decode *d, struct http *hp, char *b, size_t namelen,
n = HTTP_HDR_URL;
disallow_empty = 1;
+ // rfc7540,l,3060,3071
+ if ((len > 0 && *b != '/') ||
+ (len > 1 && *(b+1) == '/')) {
+ VSLb(hp->vsl, SLT_BogoHeader,
+ "Illegal :path pseudo-header %.*s",
+ (int)len, b);
+ return (H2SE_PROTOCOL_ERROR);
+ }
+
/* Second field cannot contain LWS or CTL */
for (p = b, u = 0; u < len; p++, u++) {
if (vct_islws(*p) || vct_isctl(*p))
diff --git a/bin/varnishtest/tests/a02027.vtc b/bin/varnishtest/tests/a02027.vtc
new file mode 100644
index 000000000..731f72aca
--- /dev/null
+++ b/bin/varnishtest/tests/a02027.vtc
@@ -0,0 +1,29 @@
+varnishtest "Malformed :path handling"
+
+server s1 {
+} -start
+
+varnish v1 -vcl+backend {
+ sub vcl_recv {
+ return (synth(200));
+ }
+} -start
+varnish v1 -cliok "param.set feature +http2"
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "foobar" -hdr ":scheme" "http" -hdr ":method" "GET"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+
+} -run
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "//foo" -hdr ":scheme" "http" -hdr ":method" "GET"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+
+} -run
More information about the varnish-commit
mailing list