From e6695d9ba7ccbeb0a3931cf85f9349b01623a4c8 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Thu, 7 Aug 2014 22:01:00 +0900
Subject: [PATCH] nghttp: Check HTTP header field characters

---
 src/nghttp.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/nghttp.cc b/src/nghttp.cc
index 699605be..c6d07f46 100644
--- a/src/nghttp.cc
+++ b/src/nghttp.cc
@@ -1252,6 +1252,13 @@ int on_header_callback(nghttp2_session *session,
     verbose_on_header_callback(session, frame, name, namelen, value, valuelen,
                                flags, user_data);
   }
+
+  if(!http2::check_nv(name, namelen, value, valuelen)) {
+    nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, frame->hd.stream_id,
+                              NGHTTP2_PROTOCOL_ERROR);
+    return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+  }
+
   switch(frame->hd.type) {
   case NGHTTP2_HEADERS: {
     if(frame->headers.cat != NGHTTP2_HCAT_RESPONSE &&