Do not verify host field specific characters for response field

Do not verify host field specific characters for response field
section because host field in response field section is undefined.
This commit is contained in:
Tatsuhiro Tsujikawa 2022-06-11 17:08:51 +09:00
parent 8d48686cec
commit a26bad3324
2 changed files with 13 additions and 1 deletions

View File

@ -369,7 +369,11 @@ int nghttp2_http_on_header(nghttp2_session *session, nghttp2_stream *stream,
break;
case NGHTTP2_TOKEN__AUTHORITY:
case NGHTTP2_TOKEN_HOST:
if (session->server || frame->hd.type == NGHTTP2_PUSH_PROMISE) {
rv = nghttp2_check_authority(nv->value->base, nv->value->len);
} else {
rv = nghttp2_check_header_value(nv->value->base, nv->value->len);
}
break;
case NGHTTP2_TOKEN__SCHEME:
rv = check_scheme(nv->value->base, nv->value->len);

View File

@ -11227,6 +11227,8 @@ void test_nghttp2_http_mandatory_headers(void) {
const nghttp2_nv clnonzero204_resnv[] = {MAKE_NV(":status", "204"),
MAKE_NV("content-length", "100")};
const nghttp2_nv status101_resnv[] = {MAKE_NV(":status", "101")};
const nghttp2_nv unexpectedhost_resnv[] = {MAKE_NV(":status", "200"),
MAKE_NV("host", "/localhost")};
/* test case for request */
const nghttp2_nv nopath_reqnv[] = {MAKE_NV(":scheme", "https"),
@ -11364,6 +11366,12 @@ void test_nghttp2_http_mandatory_headers(void) {
NGHTTP2_STREAM_OPENING, status101_resnv,
ARRLEN(status101_resnv));
/* Specific characters check for host field in response header
should not be done as its use is undefined. */
check_nghttp2_http_recv_headers_ok(
session, &deflater, 25, NGHTTP2_STREAM_OPENING, unexpectedhost_resnv,
ARRLEN(unexpectedhost_resnv));
nghttp2_hd_deflate_free(&deflater);
nghttp2_session_del(session);