lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[core] reject uppercase in unrecognized HTTP/2 hdr 

strictly validate and reject uppercase in unrecognized HTTP/2 header
This commit is contained in:
Glenn Strauss 2023-08-02 17:33:58 -04:00
parent d71fc70c8d
commit 140c6e31a8
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/request.c
View File

@ -800,15 +800,14 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
if (__builtin_expect( (hpctx->id == HTTP_HEADER_H2_UNKNOWN), 0)) {
uint32_t j = 0;
while (j < klen && (light_islower(k[j]) || k[j] == '-'))
++j;
while ((light_islower(k[j]) || k[j] == '-') && ++j < klen) ;
if (__builtin_expect( (j != klen), 0)) {
if (light_isupper(k[j]))
return 400;
if (0 != http_request_parse_header_other(r, k+j, klen-j,
http_header_strict))
return 400;
do {
if (light_isupper(k[j])) return 400;
} while (++j < klen);
}
hpctx->id = http_header_hkey_get_lc(k, klen);