HTTP/3: restricted symbols in header names.

As per HTTP/3 draft 27, a request or response containing uppercase header
field names MUST be treated as malformed.  Also, existing rules applied
when parsing HTTP/1 header names are also applied to HTTP/3 header names:

- null character is not allowed
- underscore character may or may not be treated as invalid depending on the
  value of "underscores_in_headers"
- all non-alphanumeric characters with the exception of '-' are treated as
  invalid

Also, the r->locase_header field is now filled while parsing an HTTP/3
header.

Error logging for invalid headers is fixed as well.

1 files changed, 6 insertions, 4 deletions

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index e77c4bc35..e3d217f79 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1511,7 +1511,8 @@ ngx_http_process_request_headers(ngx_event_t *rev)
         switch (r->http_version) {
 #if (NGX_HTTP_V3)
         case NGX_HTTP_VERSION_30:
-            rc = ngx_http_v3_parse_header(r, r->header_in);
+            rc = ngx_http_v3_parse_header(r, r->header_in,
+                                          cscf->underscores_in_headers);
             break;
 #endif
 
@@ -1530,9 +1531,10 @@ ngx_http_process_request_headers(ngx_event_t *rev)
                 /* there was error while a header line parsing */
 
                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                              "client sent invalid header line: \"%*s\"",
-                              r->header_end - r->header_name_start,
-                              r->header_name_start);
+                              "client sent invalid header line: \"%*s: %*s\"",
+                              r->header_name_end - r->header_name_start,
+                              r->header_name_start,
+                              r->header_end - r->header_start, r->header_start);
                 continue;
             }