comparison src/http/v2/ngx_http_v2.c @ 7293:d588987701f4
HTTP/2: validate client request scheme.
The scheme is validated as per RFC 3986, Section 3.1.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 07 Jun 2018 11:47:10 +0300 |
parents | 190591ab0d76 |
children | 89430899c72a |
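--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3472,20 +3472,43 @@
 
 
 static ngx_int_t
 ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
 {
+u_char c, ch;
+ngx_uint_t i;
+
 if (r->schema_start) {
 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
 "client sent duplicate :scheme header");
 
 return NGX_DECLINED;
 }
 
 if (value->len == 0) {
 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
 "client sent empty :scheme header");
+
+return NGX_DECLINED;
+}
+
+for (i = 0; i < value->len; i++) {
+ch = value->data[i];
+
+c = (u_char) (ch | 0x20);
+if (c >= 'a' && c <= 'z') {
+continue;
+}
+
+if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+&& i > 0)
+{
+continue;
+}
+
+ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+"client sent invalid :scheme header: \"%V\"", value);
 
 return NGX_DECLINED;
 }
 
 r->schema_start = value->data;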
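Review bot: The new "client sent invalid :scheme header" log call (new lines 3508-3509) writes the rejected value with `%V`, and at that point the bytes are exactly the ones that failed validation, so they are fully client-controlled. Whether the error-log writer escapes control bytes such as CR/LF is not visible in this section; if it does not, a malformed :scheme could put misleading lines into the error log, so it is worth confirming that or logging the value in escaped form. Separately, the loop would read more easily with a one-line comment above it such as `/* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), RFC 3986, 3.1 */`, which also explains why digits and punctuation are accepted only when `i > 0` and why `ch | 0x20` is used to fold case. The body of ngx_http_v2_parse_scheme continues past the end of this section.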