comparison src/http/v2/ngx_http_v2.c @ 7293:d588987701f4

HTTP/2: validate client request scheme. The scheme is validated as per RFC 3986, Section 3.1.
author Ruslan Ermilov <ru@nginx.com>
date Thu, 07 Jun 2018 11:47:10 +0300
parents 190591ab0d76
children 89430899c72a
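--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3472,20 +3472,43 @@
 
 
 static ngx_int_t
 ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
 {
+u_char c, ch;
+ngx_uint_t i;
+
 if (r->schema_start) {
 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
 "client sent duplicate :scheme header");
 
 return NGX_DECLINED;
 }
 
 if (value->len == 0) {
 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
 "client sent empty :scheme header");
+
+return NGX_DECLINED;
+}
+
+for (i = 0; i < value->len; i++) {
+ch = value->data[i];
+
+c = (u_char) (ch | 0x20);
+if (c >= 'a' && c <= 'z') {
+continue;
+}
+
+if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+&& i > 0)
+{
+continue;
+}
+
+ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+"client sent invalid :scheme header: \"%V\"", value);
 
 return NGX_DECLINED;
 }
 
 r->schema_start = value->data;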
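Review bot: The rejection path at new lines 3508-3509 writes the client-supplied :scheme value into the error log through `%V` after it has failed validation, so the logged bytes are by definition not limited to the RFC 3986 scheme alphabet. Whether control characters were already filtered earlier in header processing is not visible in this hunk; if they were not, it is worth confirming that the log writer escapes them, or logging only the offending byte and its offset instead of the whole value. The `ch | 0x20` fold would also benefit from a short comment such as `/* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ); fold case for the ALPHA test */`. Upper-case letters are accepted but `r->schema_start` keeps the value un-normalized, so any later comparison against the scheme presumably needs to be case-insensitive. The function body continues past the end of the hunk.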