Merge pull request #1727 from nghttp2/host-in-resp-field-section

Do not verify host field specific characters for response field
This commit is contained in:
Tatsuhiro Tsujikawa 2022-06-11 17:33:44 +09:00 committed by GitHub
commit ac3f846f29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 1 deletions

View File

@ -369,7 +369,11 @@ int nghttp2_http_on_header(nghttp2_session *session, nghttp2_stream *stream,
break; break;
case NGHTTP2_TOKEN__AUTHORITY: case NGHTTP2_TOKEN__AUTHORITY:
case NGHTTP2_TOKEN_HOST: case NGHTTP2_TOKEN_HOST:
if (session->server || frame->hd.type == NGHTTP2_PUSH_PROMISE) {
rv = nghttp2_check_authority(nv->value->base, nv->value->len); rv = nghttp2_check_authority(nv->value->base, nv->value->len);
} else {
rv = nghttp2_check_header_value(nv->value->base, nv->value->len);
}
break; break;
case NGHTTP2_TOKEN__SCHEME: case NGHTTP2_TOKEN__SCHEME:
rv = check_scheme(nv->value->base, nv->value->len); rv = check_scheme(nv->value->base, nv->value->len);

View File

@ -11376,6 +11376,8 @@ void test_nghttp2_http_mandatory_headers(void) {
const nghttp2_nv clnonzero204_resnv[] = {MAKE_NV(":status", "204"), const nghttp2_nv clnonzero204_resnv[] = {MAKE_NV(":status", "204"),
MAKE_NV("content-length", "100")}; MAKE_NV("content-length", "100")};
const nghttp2_nv status101_resnv[] = {MAKE_NV(":status", "101")}; const nghttp2_nv status101_resnv[] = {MAKE_NV(":status", "101")};
const nghttp2_nv unexpectedhost_resnv[] = {MAKE_NV(":status", "200"),
MAKE_NV("host", "/localhost")};
/* test case for request */ /* test case for request */
const nghttp2_nv nopath_reqnv[] = {MAKE_NV(":scheme", "https"), const nghttp2_nv nopath_reqnv[] = {MAKE_NV(":scheme", "https"),
@ -11513,6 +11515,12 @@ void test_nghttp2_http_mandatory_headers(void) {
NGHTTP2_STREAM_OPENING, status101_resnv, NGHTTP2_STREAM_OPENING, status101_resnv,
ARRLEN(status101_resnv)); ARRLEN(status101_resnv));
/* Specific characters check for host field in response header
should not be done as its use is undefined. */
check_nghttp2_http_recv_headers_ok(
session, &deflater, 25, NGHTTP2_STREAM_OPENING, unexpectedhost_resnv,
ARRLEN(unexpectedhost_resnv));
nghttp2_hd_deflate_free(&deflater); nghttp2_hd_deflate_free(&deflater);
nghttp2_session_del(session); nghttp2_session_del(session);