Mercurial > hg > nginx-tests
changeset 677:5d258aa5ebc5
Tests: more HTTP/2 tests for newline in request header.
Request with invalid characters in header field value is malformed.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 04 Sep 2015 15:39:39 +0300 |
| parents | dbe5bc4b8b39 |
| children | 99233cfefbbe |
| files | h2.t |
| diffstat | 1 files changed, 30 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/h2.t +++ b/h2.t @@ -32,7 +32,7 @@ plan(skip_all => 'IO::Socket::SSL too ol my $t = Test::Nginx->new()->has(qw/http http_ssl http_v2 proxy cache/) ->has(qw/limit_conn rewrite realip shmem/) - ->has_daemon('openssl')->plan(163); + ->has_daemon('openssl')->plan(168); $t->write_file_expand('nginx.conf', <<'EOF'); @@ -1421,6 +1421,10 @@ is($frame->{headers}->{':status'}, 200, # some invalid cases below # ensure that request header field value with newline doesn't get split +# +# 10.3. Intermediary Encapsulation Attacks +# Any request or response that contains a character not permitted +# in a header field value MUST be treated as malformed. $sess = new_session(); $sid = new_stream($sess, { headers => [ @@ -1431,9 +1435,34 @@ is($frame->{headers}->{':status'}, 200, { name => 'x-foo', value => "x-bar\r\nreferer:see-this", mode => 2 }]}); $frames = h2_read($sess, all => [{ sid => $sid, fin => 1 }]); +# 10.3. Intermediary Encapsulation Attacks +# An intermediary therefore cannot translate an HTTP/2 request or response +# containing an invalid field name into an HTTP/1.1 message. + ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; isnt($frame->{headers}->{'x-referer'}, 'see-this', 'newline in request header'); +# 8.1.2.6. Malformed Requests and Responses +# For malformed requests, a server MAY send an HTTP response prior to +# closing or resetting the stream. + +is($frame->{headers}->{':status'}, 400, 'newline in request header - status'); + +# 8.1.2.6. Malformed Requests and Responses +# Malformed requests or responses that are detected MUST be treated +# as a stream error (Section 5.4.2) of type PROTOCOL_ERROR. + +TODO: { +local $TODO = 'not yet'; + +($frame) = grep { $_->{type} eq "RST_STREAM" } @$frames; +is($frame->{sid}, $sid, 'newline in request header - RST_STREAM sid'); +is($frame->{length}, 4, 'newline in request header - RST_STREAM length'); +is($frame->{flags}, 0, 'newline in request header - RST_STREAM flags'); +is($frame->{code}, 1, 'newline in request header - RST_STREAM code'); + +} + # GOAWAY on SYN_STREAM with even StreamID TODO: {