nghttpx: Strict validation for header fields given in configuration
parent
e677e37876
commit
486dba8d8a
|
@ -276,11 +276,9 @@ std::string read_passwd_from_file(const char *filename) {
|
||||||
}
|
}
|
||||||
|
|
||||||
std::pair<std::string, std::string> parse_header(const char *optarg) {
|
std::pair<std::string, std::string> parse_header(const char *optarg) {
|
||||||
// We skip possible ":" at the start of optarg.
|
const auto *colon = strchr(optarg, ':');
|
||||||
const auto *colon = strchr(optarg + 1, ':');
|
|
||||||
|
|
||||||
// name = ":" is not allowed
|
if (colon == nullptr || colon == optarg) {
|
||||||
if (colon == nullptr || (optarg[0] == ':' && colon == optarg + 1)) {
|
|
||||||
return {"", ""};
|
return {"", ""};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -292,6 +290,14 @@ std::pair<std::string, std::string> parse_header(const char *optarg) {
|
||||||
std::string(value, strlen(value)));
|
std::string(value, strlen(value)));
|
||||||
util::inp_strlower(p.first);
|
util::inp_strlower(p.first);
|
||||||
|
|
||||||
|
if (!nghttp2_check_header_name(
|
||||||
|
reinterpret_cast<const uint8_t *>(p.first.c_str()), p.first.size()) ||
|
||||||
|
!nghttp2_check_header_value(
|
||||||
|
reinterpret_cast<const uint8_t *>(p.second.c_str()),
|
||||||
|
p.second.size())) {
|
||||||
|
return {"", ""};
|
||||||
|
}
|
||||||
|
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1799,7 +1805,7 @@ int parse_config(const char *opt, const char *optarg,
|
||||||
case SHRPX_OPTID_ADD_RESPONSE_HEADER: {
|
case SHRPX_OPTID_ADD_RESPONSE_HEADER: {
|
||||||
auto p = parse_header(optarg);
|
auto p = parse_header(optarg);
|
||||||
if (p.first.empty()) {
|
if (p.first.empty()) {
|
||||||
LOG(ERROR) << opt << ": header field name is empty: " << optarg;
|
LOG(ERROR) << opt << ": invalid header field: " << optarg;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (optid == SHRPX_OPTID_ADD_REQUEST_HEADER) {
|
if (optid == SHRPX_OPTID_ADD_REQUEST_HEADER) {
|
||||||
|
|
|
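Review bot: parse_header now returns {"", ""} for several distinct reasons, and the first hunk removes both of its comments without replacing them, so the contract is no longer stated anywhere in the visible code. I would add above the function: `// Returns {"", ""} if optarg has no ':', the name is empty or begins with ':', or the lower-cased name or the value fails nghttp2_check_header_name / nghttp2_check_header_value.` In parse_config the rejected optarg is written to the error log unmodified, which can include the control characters the check just refused (the new test uses `\x0a`). That looks acceptable for operator-supplied configuration, but it deserves a short comment at the LOG line. The middle of parse_header and the rest of parse_config lie outside the hunks.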
@ -46,8 +46,7 @@ void test_shrpx_config_parse_header(void) {
|
||||||
CU_ASSERT("b" == p.second);
|
CU_ASSERT("b" == p.second);
|
||||||
|
|
||||||
p = parse_header(":a: b");
|
p = parse_header(":a: b");
|
||||||
CU_ASSERT(":a" == p.first);
|
CU_ASSERT(p.first.empty());
|
||||||
CU_ASSERT("b" == p.second);
|
|
||||||
|
|
||||||
p = parse_header("a: :b");
|
p = parse_header("a: :b");
|
||||||
CU_ASSERT("a" == p.first);
|
CU_ASSERT("a" == p.first);
|
||||||
|
@ -59,6 +58,12 @@ void test_shrpx_config_parse_header(void) {
|
||||||
p = parse_header("alpha: bravo charlie");
|
p = parse_header("alpha: bravo charlie");
|
||||||
CU_ASSERT("alpha" == p.first);
|
CU_ASSERT("alpha" == p.first);
|
||||||
CU_ASSERT("bravo charlie" == p.second);
|
CU_ASSERT("bravo charlie" == p.second);
|
||||||
|
|
||||||
|
p = parse_header("a,: b");
|
||||||
|
CU_ASSERT(p.first.empty());
|
||||||
|
|
||||||
|
p = parse_header("a: b\x0a");
|
||||||
|
CU_ASSERT(p.first.empty());
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_shrpx_config_parse_log_format(void) {
|
void test_shrpx_config_parse_log_format(void) {
|
||||||
|
|
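Review bot: The rejection cases in test_shrpx_config_parse_header assert only `p.first.empty()`, and the `:a: b` case drops its check on p.second, so a return that clears the name but keeps the value would still pass. I would add `CU_ASSERT(p.second.empty());` after each of the three rejection asserts. A case with a carriage return in the value, e.g. `p = parse_header("a: b\x0d");`, would presumably be rejected as well and is worth pinning next to the `\x0a` one. The test function begins before the first hunk.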