nghttpx: Restrict HTTP major and minor in 0 or 1

This commit is contained in:
Tatsuhiro Tsujikawa 2017-02-11 18:42:29 +09:00
parent f994664934
commit c78528d54b
2 changed files with 10 additions and 9 deletions

View File

@ -834,11 +834,10 @@ int htp_hdrs_completecb(http_parser *htp) {
resp.http_major = htp->http_major; resp.http_major = htp->http_major;
resp.http_minor = htp->http_minor; resp.http_minor = htp->http_minor;
if (resp.http_major > 1) { if (resp.http_major > 1 || req.http_minor > 1) {
// Normalize HTTP version, since we use http_major == 2 specially
// in Downstream::expect_response_trailer().
resp.http_major = 1; resp.http_major = 1;
resp.http_minor = 1; resp.http_minor = 1;
return -1;
} }
auto dconn = downstream->get_downstream_connection(); auto dconn = downstream->get_downstream_connection();

View File

@ -335,6 +335,12 @@ int htp_hdrs_completecb(http_parser *htp) {
auto host = req.fs.header(http2::HD_HOST); auto host = req.fs.header(http2::HD_HOST);
if (req.http_major > 1 || req.http_minor > 1) {
req.http_major = 1;
req.http_minor = 1;
return -1;
}
if (req.http_major == 1 && req.http_minor == 1 && !host) { if (req.http_major == 1 && req.http_minor == 1 && !host) {
return -1; return -1;
} }
@ -1027,14 +1033,10 @@ int HttpsUpstream::on_downstream_header_complete(Downstream *downstream) {
auto connect_method = req.method == HTTP_CONNECT; auto connect_method = req.method == HTTP_CONNECT;
auto buf = downstream->get_response_buf(); auto buf = downstream->get_response_buf();
std::array<uint8_t, NGHTTP2_MAX_UINT64_DIGITS> intbuf;
buf->append("HTTP/"); buf->append("HTTP/");
buf->append(StringRef{std::begin(intbuf), buf->append('0' + req.http_major);
util::utos(std::begin(intbuf), req.http_major)});
buf->append('.'); buf->append('.');
buf->append(StringRef{std::begin(intbuf), buf->append('0' + req.http_minor);
util::utos(std::begin(intbuf), req.http_minor)});
buf->append(' '); buf->append(' ');
buf->append(http2::stringify_status(balloc, resp.http_status)); buf->append(http2::stringify_status(balloc, resp.http_status));
buf->append(' '); buf->append(' ');