BUG/MINOR: h3: reject request URI with invalid characters
Ensure that the HTX start-line generated after parsing an HTTP/3 request does not contain any invalid character, i.e. control or whitespace characters. Note that for now path is used directly as URI. Thus, the check is performed directly over it. A patch will change this to generate an absolute-form URI in most cases, but it won't be backported to avoid configuration breaking in stable versions. This must be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle
parent
fc28fe7191
commit
1faa1285aa
12
src/h3.c
12
src/h3.c
@ -752,6 +752,18 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Ensure that final URI does not contains LWS nor CTL characters. */
|
||||
for (i = 0; i < path.len; i++) {
|
||||
unsigned char c = istptr(path)[i];
|
||||
if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c)) {
|
||||
TRACE_ERROR("invalid character in path", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
|
||||
h3s->err = H3_ERR_MESSAGE_ERROR;
|
||||
qcc_report_glitch(h3c->qcc, 1);
|
||||
len = -1;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, meth, path, ist("HTTP/3.0"));
|
||||
if (!sl) {
|
||||
len = -1;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user