June 07, 2018 03:02PM
details: http://hg.nginx.org/nginx/rev/d588987701f4
branches:
changeset: 7293:d588987701f4
user: Ruslan Ermilov <ru@nginx.com>
date: Thu Jun 07 11:47:10 2018 +0300
description:
HTTP/2: validate client request scheme.

The scheme is validated as per RFC 3986, Section 3.1.

diffstat:

src/http/v2/ngx_http_v2.c | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)

diffs (40 lines):

diff -r f9661f56c717 -r d588987701f4 src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Thu May 24 12:06:35 2018 +0300
+++ b/src/http/v2/ngx_http_v2.c Thu Jun 07 11:47:10 2018 +0300
@@ -3474,6 +3474,9 @@ ngx_http_v2_parse_method(ngx_http_reques
static ngx_int_t
ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
{
+ u_char c, ch;
+ ngx_uint_t i;
+
if (r->schema_start) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent duplicate :scheme header");
@@ -3488,6 +3491,26 @@ ngx_http_v2_parse_scheme(ngx_http_reques
return NGX_DECLINED;
}

+ for (i = 0; i < value->len; i++) {
+ ch = value->data[i];
+
+ c = (u_char) (ch | 0x20);
+ if (c >= 'a' && c <= 'z') {
+ continue;
+ }
+
+ if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+ && i > 0)
+ {
+ continue;
+ }
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent invalid :scheme header: \"%V\"", value);
+
+ return NGX_DECLINED;
+ }
+
r->schema_start = value->data;
r->schema_end = value->data + value->len;

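Review bot: in the validation loop, the rule that the first character must be a letter is carried only by `&& i > 0` on the digit, `+`, `-`, `.` branch, and nothing in the code states the grammar being enforced. A one-line comment above the loop quoting the RFC 3986, Section 3.1 production, scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), would make that intent easy to check. The loop body never runs for a zero-length value, so an empty :scheme passes this code unless the check that ends at the `return NGX_DECLINED;` just above already rejects it; that is worth confirming. The rejected value is also written to the log through `%V` after it has failed validation, so it can hold arbitrary client-supplied bytes; confirm the log path copes with control characters, or log only the offending byte and its position.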
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel