author | Ruslan Ermilov <ru@nginx.com> | 2018-06-07 11:47:10 +0300 |
committer | Ruslan Ermilov <ru@nginx.com> | 2018-06-07 11:47:10 +0300 |
commit | 94a2ce426fc36a6c82411a331bb18bf129c6d014 (patch) | |
tree | bad44a8d75d94f5859329aa36a97b082e0738161 /src | |
parent | c804eb7748d2b7ba2cfa6bbd68d5b86b0ba33d55 (diff) | |
HTTP/2: validate client request scheme.
The scheme is validated as per RFC 3986, Section 3.1.
Diffstat (limited to 'src')
-rw-r--r-- | src/http/v2/ngx_http_v2.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index 77ebb8474..a35140cf6 100644
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3474,6 +3474,9 @@ ngx_http_v2_parse_method(ngx_http_request_t *r, ngx_str_t *value)
 static ngx_int_t
 ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
 {
+    u_char c, ch;
+    ngx_uint_t i;
+
     if (r->schema_start) {
         ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                       "client sent duplicate :scheme header");
@@ -3488,6 +3491,26 @@ ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
         return NGX_DECLINED;
     }
 
+    for (i = 0; i < value->len; i++) {
+        ch = value->data[i];
+
+        c = (u_char) (ch | 0x20);
+        if (c >= 'a' && c <= 'z') {
+            continue;
+        }
+
+        if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+            && i > 0)
+        {
+            continue;
+        }
+
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent invalid :scheme header: \"%V\"", value);
+
+        return NGX_DECLINED;
+    }
+
     r->schema_start = value->data;
     r->schema_end = value->data + value->len; |
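Review bot: The validation loop in the second hunk carries no comment, so the `ch | 0x20` fold and the `i > 0` clause read as magic even though they encode the grammar the commit message cites; a comment above the `for`, such as `/* RFC 3986 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */`, plus `/* OR 0x20 maps exactly A-Z and a-z into 'a'..'z', so both cases pass */` on the fold line, would let a reader check the code against the RFC without re-deriving it. The `i > 0` condition is what restricts the first octet to a letter, which is worth stating next to it as well. A zero-length value never enters the loop, and the lines between the two hunks are not visible here, so whether an empty scheme is rejected before this point cannot be confirmed from this page. The function opens in the first hunk and its body continues past the end of the second.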