Mailing List Archive

commit ff52f481ee9c33daae1fe3956ba6fedd935ed0da
Author: Walid Boudebouda <walid.boudebouda@gmail.com>
Date: Fri Sep 8 17:25:06 2023 +0200

hpack: Check illegal header blanks with vct_issp()

Signed-off-by: Dridi Boukelmoune <dridi.boukelmoune@gmail.com>

diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index d90638c81..529bc31eb 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -101,7 +101,7 @@ h2h_checkhdr(const struct http *hp, const char *b, size_t namelen, size_t len)
for (p = b + namelen; p < b + len; p++) {
switch(state) {
case FLD_VALUE_FIRST:
- if (*p == ' ' || *p == 0x09) {
+ if (vct_issp(*p)) {
VSLb(hp->vsl, SLT_BogoHeader,
"Illegal field value start %.*s",
(int)(len > 20 ? 20 : len), b);
@@ -121,7 +121,7 @@ h2h_checkhdr(const struct http *hp, const char *b, size_t namelen, size_t len)
WRONG("http2 field value validation state");
}
}
- if (state == FLD_VALUE && b[len - 1] <= 0x20) {
+ if (state == FLD_VALUE && vct_issp(b[len - 1])) {
VSLb(hp->vsl, SLT_BogoHeader,
"Illegal val (end) %.*s",
(int)(len > 20 ? 20 : len), b);
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit