src: Omit \r\n sanitization on header value

This is because nghttp2 and spdylay now don't allow \r\n in header
value. Require spdylay >= 1.2.3.

configure.ac

@@ -214,7 +214,7 @@ fi
 AM_CONDITIONAL([HAVE_LIBXML2], [ test "x${have_libxml2}" = "xyes" ])
 
 # spdylay (for src/nghttpx)
-PKG_CHECK_MODULES([LIBSPDYLAY], [libspdylay >= 1.2.0],
+PKG_CHECK_MODULES([LIBSPDYLAY], [libspdylay >= 1.2.3],
                   [have_spdylay=yes], [have_spdylay=no])
 if test "x${have_spdylay}" = "xyes"; then
   AC_DEFINE([HAVE_SPDYLAY], [1], [Define to 1 if you have `spdylay` library.])

src/http2.cc

@@ -92,27 +92,28 @@ void capitalize(std::string& s, size_t offset)
 
 bool check_header_value(const char *value)
 {
-  return strpbrk(value, "\r\n") == nullptr;
-}
-
-bool check_header_value(const nghttp2_nv* nv)
-{
-  size_t i;
-  for(i = 0; i < nv->valuelen; ++i) {
-    if(nv->value[i] == '\r' || nv->value[i] == '\n') {
-      return false;
+  for(; *value; ++value) {
+    switch(*value) {
+    case '\t':
+    case ' ':
+      continue;
+    default:
+      return true;
     }
   }
-  return true;
+  return false;
 }
 
 void sanitize_header_value(std::string& s, size_t offset)
 {
-  for(size_t i = offset, eoi = s.size(); i < eoi; ++i) {
-    if(s[i] == '\r' || s[i] == '\n') {
-      s[i] = ' ';
-    }
-  }
+  // Since both nghttp2 and spdylay do not allow \n and \r in header
+  // values, we don't have to do this anymore.
+
+  // for(size_t i = offset, eoi = s.size(); i < eoi; ++i) {
+  //   if(s[i] == '\r' || s[i] == '\n') {
+  //     s[i] = ' ';
+  //   }
+  // }
 }
 
 void copy_url_component(std::string& dest, const http_parser_url *u, int field,
@@ -307,7 +308,7 @@ bool value_lws(const nghttp2_nv *nv)
 
 bool non_empty_value(const nghttp2_nv* nv)
 {
-  return nv && !http2::value_lws(nv) && http2::check_header_value(nv);
+  return nv && !http2::value_lws(nv);
 }
 
 nghttp2_nv make_nv(const std::string& name, const std::string& value)

src/http2.h

@@ -44,12 +44,9 @@ std::string get_status_string(unsigned int status_code);
 
 void capitalize(std::string& s, size_t offset);
 
-// Returns false if |value| contains \r or \n.
+// Returns false if |value| is LWS
 bool check_header_value(const char *value);
 
-// Returns false if |nv->value| contains \r or \n.
-bool check_header_value(const nghttp2_nv *nv);
-
 void sanitize_header_value(std::string& s, size_t offset);
 
 // Copies the |field| component value from |u| and |url| to the

src/http2_test.cc

@@ -204,24 +204,20 @@ void test_http2_build_http1_headers_from_norm_headers(void)
             "Zulu: 12\r\n");
 
   hdrs.clear();
-  auto hd2 = std::vector<std::pair<std::string, std::string>>
-    {{"alpha", "bravo\r\ncharlie\r\n"}};
-  http2::build_http1_headers_from_norm_headers(hdrs, hd2);
-  CU_ASSERT(hdrs == "Alpha: bravo  charlie  \r\n");
+  // Both nghttp2 and spdylay do not allow \r and \n in header value
+  // now.
+
+  // auto hd2 = std::vector<std::pair<std::string, std::string>>
+  //   {{"alpha", "bravo\r\ncharlie\r\n"}};
+  // http2::build_http1_headers_from_norm_headers(hdrs, hd2);
+  // CU_ASSERT(hdrs == "Alpha: bravo  charlie  \r\n");
 }
 
 void test_http2_check_header_value(void)
 {
   CU_ASSERT(http2::check_header_value("alpha"));
-  CU_ASSERT(!http2::check_header_value("alpha\r"));
-  CU_ASSERT(!http2::check_header_value("alpha\n"));
-
-  nghttp2_nv nv1 = MAKE_NV("alpha", "bravo");
-  CU_ASSERT(http2::check_header_value(&nv1));
-  nghttp2_nv nv2 = MAKE_NV("alpha", "bravo\r");
-  CU_ASSERT(!http2::check_header_value(&nv2));
-  nghttp2_nv nv3 = MAKE_NV("alpha", "bravo\n");
-  CU_ASSERT(!http2::check_header_value(&nv3));
+  CU_ASSERT(!http2::check_header_value(" "));
+  CU_ASSERT(!http2::check_header_value(""));
 }
 
 namespace {