h2: Improve pseudo-header handling

e9edf57b · Dag Haavi Finstad · Dridi Boukelmoune · e68d3209 · e9edf57b · e9edf57b
Commit e9edf57b authored Mar 10, 2023 by Dag Haavi Finstad Committed by Dridi Boukelmoune Mar 29, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 0 deletions

cache_http2_hpack.c bin/varnishd/http2/cache_http2_hpack.c +9 -0

a02027.vtc bin/varnishtest/tests/a02027.vtc +29 -0

No files found.
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -134,6 +134,15 @@ h2h_addhdr(struct h2h_decode *d, struct http *hp, char *b, size_t namelen,
 			n = HTTP_HDR_URL;
 			disallow_empty = 1;

+			// rfc7540,l,3060,3071
+			if ((len > 0 && *b != '/') ||
+			    (len > 1 && *(b+1) == '/')) {
+				VSLb(hp->vsl, SLT_BogoHeader,
+				    "Illegal :path pseudo-header %.*s",
+				    (int)len, b);
+				return (H2SE_PROTOCOL_ERROR);
+			}
+
 			/* Second field cannot contain LWS or CTL */
 			for (p = b, u = 0; u < len; p++, u++) {
 				if (vct_islws(*p) || vct_isctl(*p))

--- a/bin/varnishtest/tests/a02027.vtc
+++ b/bin/varnishtest/tests/a02027.vtc
+varnishtest "Malformed :path handling"
+
+server s1 {
+} -start
+
+varnish v1 -vcl+backend {
+	sub vcl_recv {
+		return (synth(200));
+	}
+} -start
+varnish v1 -cliok "param.set feature +http2"
+
+client c1 {
+	stream 1 {
+		txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "foobar" -hdr ":scheme" "http" -hdr ":method" "GET"
+		rxrst
+		expect rst.err == PROTOCOL_ERROR
+	} -run
+
+} -run
+
+client c1 {
+	stream 1 {
+		txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "//foo" -hdr ":scheme" "http" -hdr ":method" "GET"
+		rxrst
+		expect rst.err == PROTOCOL_ERROR
+	} -run
+
+} -run