Restrict duplicate TE headers in HTTP/2 and HTTP/3

author Roman Arutyunyan <arut@nginx.com>

Wed, 15 Apr 2026 09:49:00 +0000 (13:49 +0400)

committer Roman Arutyunyan <arutyunyan.roman@gmail.com>

Thu, 16 Apr 2026 15:47:03 +0000 (19:47 +0400)
author Roman Arutyunyan <arut@nginx.com>
Wed, 15 Apr 2026 09:49:00 +0000 (13:49 +0400)
committer Roman Arutyunyan <arutyunyan.roman@gmail.com>
Thu, 16 Apr 2026 15:47:03 +0000 (19:47 +0400)
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c

index 336718bad5446242baa0a8eef78be5ff17fac59c..69cb0ae09a6629cc032e8cca7d7b8e0532971f76 100644 (file)
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3849,7 +3849,8 @@ ngx_http_v2_run_request(ngx_http_request_t *r)
      }
  
      if (r->headers_in.te
-        && (r->headers_in.te->value.len != 8
+        && (r->headers_in.te->next
+            || r->headers_in.te->value.len != 8
              || ngx_strncasecmp(r->headers_in.te->value.data,
                                 (u_char *) "trailers", 8) != 0))
      {
diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c

index 3b0fdbe9889baad61ce4df7af8a9203cb8a12d0b..6b487289ab7040669310459402ac23f3615bc9bb 100644 (file)
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -1050,7 +1050,8 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
      }
  
      if (r->headers_in.te
-        && (r->headers_in.te->value.len != 8
+        && (r->headers_in.te->next
+            || r->headers_in.te->value.len != 8
              || ngx_strncasecmp(r->headers_in.te->value.data,
                                 (u_char *) "trailers", 8) != 0))
      {
author	Roman Arutyunyan <arut@nginx.com>
	Wed, 15 Apr 2026 09:49:00 +0000 (13:49 +0400)
committer	Roman Arutyunyan <arutyunyan.roman@gmail.com>
	Thu, 16 Apr 2026 15:47:03 +0000 (19:47 +0400)
src/http/v2/ngx_http_v2.c		patch \| blob \| history
src/http/v3/ngx_http_v3_request.c		patch \| blob \| history