nghttp2_hd: Allow HTAB and obs-text characters for field-content

2014-01-03 22:42:36 +09:00 · 2014-01-03 22:42:36 +09:00 · 888792a949
parent f319d6e475
commit 888792a949
2 changed files with 55 additions and 6 deletions
--- a/lib/nghttp2_helper.c
+++ b/lib/nghttp2_helper.c
@ -219,13 +219,62 @@ int nghttp2_check_header_name_nocase(const uint8_t *name, size_t len)
  return check_header_name(name, len, 1);
 }

+static int VALID_HD_VALUE_CHARS[] = {
+  1 /* NULL */,
+  -1, -1, -1, -1, -1, -1, -1, -1,
+  1 /* HTAB */,
+  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+  1 /* SP */, 1 /* ! */, 1 /* " */, 1 /* # */, 1 /* $ */, 1 /* % */,
+  1 /* & */, 1 /* ' */, 1 /* ( */, 1 /* ) */, 1 /* * */, 1 /* + */,
+  1 /* , */, 1 /* - */, 1 /* . */, 1 /* / */, 1 /* 0 */, 1 /* 1 */,
+  1 /* 2 */, 1 /* 3 */, 1 /* 4 */, 1 /* 5 */, 1 /* 6 */, 1 /* 7 */,
+  1 /* 8 */, 1 /* 9 */, 1 /* : */, 1 /* ; */, 1 /* < */, 1 /* = */,
+  1 /* > */, 1 /* ? */, 1 /* @ */, 1 /* A */, 1 /* B */, 1 /* C */,
+  1 /* D */, 1 /* E */, 1 /* F */, 1 /* G */, 1 /* H */, 1 /* I */,
+  1 /* J */, 1 /* K */, 1 /* L */, 1 /* M */, 1 /* N */, 1 /* O */,
+  1 /* P */, 1 /* Q */, 1 /* R */, 1 /* S */, 1 /* T */, 1 /* U */,
+  1 /* V */, 1 /* W */, 1 /* X */, 1 /* Y */, 1 /* Z */, 1 /* [ */,
+  1 /* \ */, 1 /* ] */, 1 /* ^ */, 1 /* _ */, 1 /* ` */, 1 /* a */,
+  1 /* b */, 1 /* c */, 1 /* d */, 1 /* e */, 1 /* f */, 1 /* g */,
+  1 /* h */, 1 /* i */, 1 /* j */, 1 /* k */, 1 /* l */, 1 /* m */,
+  1 /* n */, 1 /* o */, 1 /* p */, 1 /* q */, 1 /* r */, 1 /* s */,
+  1 /* t */, 1 /* u */, 1 /* v */, 1 /* w */, 1 /* x */, 1 /* y */,
+  1 /* z */, 1 /* { */, 1 /* | */, 1 /* } */, 1 /* ~ */,
+  -1,
+  1 /* 0x80 */, 1 /* 0x81 */, 1 /* 0x82 */, 1 /* 0x83 */, 1 /* 0x84 */,
+  1 /* 0x85 */, 1 /* 0x86 */, 1 /* 0x87 */, 1 /* 0x88 */, 1 /* 0x89 */,
+  1 /* 0x8a */, 1 /* 0x8b */, 1 /* 0x8c */, 1 /* 0x8d */, 1 /* 0x8e */,
+  1 /* 0x8f */, 1 /* 0x90 */, 1 /* 0x91 */, 1 /* 0x92 */, 1 /* 0x93 */,
+  1 /* 0x94 */, 1 /* 0x95 */, 1 /* 0x96 */, 1 /* 0x97 */, 1 /* 0x98 */,
+  1 /* 0x99 */, 1 /* 0x9a */, 1 /* 0x9b */, 1 /* 0x9c */, 1 /* 0x9d */,
+  1 /* 0x9e */, 1 /* 0x9f */, 1 /* 0xa0 */, 1 /* 0xa1 */, 1 /* 0xa2 */,
+  1 /* 0xa3 */, 1 /* 0xa4 */, 1 /* 0xa5 */, 1 /* 0xa6 */, 1 /* 0xa7 */,
+  1 /* 0xa8 */, 1 /* 0xa9 */, 1 /* 0xaa */, 1 /* 0xab */, 1 /* 0xac */,
+  1 /* 0xad */, 1 /* 0xae */, 1 /* 0xaf */, 1 /* 0xb0 */, 1 /* 0xb1 */,
+  1 /* 0xb2 */, 1 /* 0xb3 */, 1 /* 0xb4 */, 1 /* 0xb5 */, 1 /* 0xb6 */,
+  1 /* 0xb7 */, 1 /* 0xb8 */, 1 /* 0xb9 */, 1 /* 0xba */, 1 /* 0xbb */,
+  1 /* 0xbc */, 1 /* 0xbd */, 1 /* 0xbe */, 1 /* 0xbf */, 1 /* 0xc0 */,
+  1 /* 0xc1 */, 1 /* 0xc2 */, 1 /* 0xc3 */, 1 /* 0xc4 */, 1 /* 0xc5 */,
+  1 /* 0xc6 */, 1 /* 0xc7 */, 1 /* 0xc8 */, 1 /* 0xc9 */, 1 /* 0xca */,
+  1 /* 0xcb */, 1 /* 0xcc */, 1 /* 0xcd */, 1 /* 0xce */, 1 /* 0xcf */,
+  1 /* 0xd0 */, 1 /* 0xd1 */, 1 /* 0xd2 */, 1 /* 0xd3 */, 1 /* 0xd4 */,
+  1 /* 0xd5 */, 1 /* 0xd6 */, 1 /* 0xd7 */, 1 /* 0xd8 */, 1 /* 0xd9 */,
+  1 /* 0xda */, 1 /* 0xdb */, 1 /* 0xdc */, 1 /* 0xdd */, 1 /* 0xde */,
+  1 /* 0xdf */, 1 /* 0xe0 */, 1 /* 0xe1 */, 1 /* 0xe2 */, 1 /* 0xe3 */,
+  1 /* 0xe4 */, 1 /* 0xe5 */, 1 /* 0xe6 */, 1 /* 0xe7 */, 1 /* 0xe8 */,
+  1 /* 0xe9 */, 1 /* 0xea */, 1 /* 0xeb */, 1 /* 0xec */, 1 /* 0xed */,
+  1 /* 0xee */, 1 /* 0xef */, 1 /* 0xf0 */, 1 /* 0xf1 */, 1 /* 0xf2 */,
+  1 /* 0xf3 */, 1 /* 0xf4 */, 1 /* 0xf5 */, 1 /* 0xf6 */, 1 /* 0xf7 */,
+  1 /* 0xf8 */, 1 /* 0xf9 */, 1 /* 0xfa */, 1 /* 0xfb */, 1 /* 0xfc */,
+  1 /* 0xfd */, 1 /* 0xfe */, 1 /* 0xff */
+};
+
 int nghttp2_check_header_value(const uint8_t* value, size_t len)
 {
-  size_t i;
-  for(i = 0; i < len; ++i) {
-    /* Only allow NUL or ASCII range [0x20, 0x7e], inclusive, to match
-       HTTP/1 sematics */
-    if(value[i] != '\0' && (0x20u > value[i] || value[i] > 0x7eu)) {
+  const uint8_t *last;
+  for(last = value + len; value != last; ++value) {
+    if(VALID_HD_VALUE_CHARS[*value] == -1) {
      return 0;
    }
  }
--- a/tests/nghttp2_helper_test.c
+++ b/tests/nghttp2_helper_test.c
@ -187,7 +187,7 @@ void test_nghttp2_check_header_name(void)

 void test_nghttp2_check_header_value(void)
 {
-  uint8_t goodval[] = { 'a', '\0', 'b' };
+  uint8_t goodval[] = { 'a', '\0', 'b', 0x80u, 'c', 0xffu, 'd', '\t', ' ' };
  uint8_t badval1[] = { 'a', 0x1fu, 'b' };
  uint8_t badval2[] = { 'a', 0x7fu, 'b' };