Mailing List Archive

commit 22f666f4feef841bf3ebd3c0300e80ff09ec9a8b
Author: Dag Haavi Finstad <daghf@varnish-software.com>
Date: Fri Mar 10 19:59:43 2023 +0100

h2: Improve pseudo-header handling

diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index 51968317a..0efe5fa66 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -135,6 +135,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
n = HTTP_HDR_URL;
disallow_empty = 1;

+ // rfc7540,l,3060,3071
+ if ((len > 0 && *b != '/') ||
+ (len > 1 && *(b+1) == '/')) {
+ VSLb(hp->vsl, SLT_BogoHeader,
+ "Illegal :path pseudo-header %.*s",
+ (int)len, b);
+ return (H2SE_PROTOCOL_ERROR);
+ }
+
/* Second field cannot contain LWS or CTL */
for (p = b, u = 0; u < len; p++, u++) {
if (vct_islws(*p) || vct_isctl(*p))
diff --git a/bin/varnishtest/tests/a02027.vtc b/bin/varnishtest/tests/a02027.vtc
new file mode 100644
index 000000000..731f72aca
--- /dev/null
+++ b/bin/varnishtest/tests/a02027.vtc
@@ -0,0 +1,29 @@
+varnishtest "Malformed :path handling"
+
+server s1 {
+} -start
+
+varnish v1 -vcl+backend {
+ sub vcl_recv {
+ return (synth(200));
+ }
+} -start
+varnish v1 -cliok "param.set feature +http2"
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "foobar" -hdr ":scheme" "http" -hdr ":method" "GET"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+
+} -run
+
+client c1 {
+ stream 1 {
+ txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "//foo" -hdr ":scheme" "http" -hdr ":method" "GET"
+ rxrst
+ expect rst.err == PROTOCOL_ERROR
+ } -run
+
+} -run
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit