46 lines
1.6 KiB
Diff
46 lines
1.6 KiB
Diff
From 6748a47819c263d4631187b6f121b5344ab50d57 Mon Sep 17 00:00:00 2001
|
|
From: Amaury Denoyelle <adenoyelle@haproxy.com>
|
|
Date: Fri, 28 Jun 2024 10:50:19 +0200
|
|
Subject: [PATCH] BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally
|
|
valid
|
|
Origin: https://github.com/haproxy/haproxy/commit/6748a47819c263d4631187b6f121b5344ab50d57
|
|
|
|
Ensure pseudo-header scheme is only constitued of valid characters
|
|
according to RFC 9110. If an invalid value is found, the request is
|
|
rejected and stream is resetted.
|
|
|
|
It's the same as for previous commit "BUG/MEDIUM: h3: ensure the
|
|
":method" pseudo header is totally valid" except that this time it
|
|
applies to the ":scheme" pseudo header.
|
|
|
|
This must be backported up to 2.6.
|
|
|
|
(cherry picked from commit a3bed52d1f84ba36af66be4317a5f746d498bdf4)
|
|
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
|
(cherry picked from commit 5ddc4004cb0c3c4ea4f4596577c85f004678e9c0)
|
|
[cf: adapted]
|
|
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
|
---
|
|
src/h3.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/src/h3.c b/src/h3.c
|
|
index 4e21f6b92f535..1984f984f7daf 100644
|
|
--- a/src/h3.c
|
|
+++ b/src/h3.c
|
|
@@ -666,6 +666,14 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
|
|
len = -1;
|
|
goto out;
|
|
}
|
|
+
|
|
+ if (!http_validate_scheme(list[hdr_idx].v)) {
|
|
+ TRACE_ERROR("invalid scheme pseudo-header", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
|
|
+ h3s->err = H3_MESSAGE_ERROR;
|
|
+ len = -1;
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
scheme = list[hdr_idx].v;
|
|
}
|
|
else if (isteq(list[hdr_idx].n, ist(":authority"))) {
|