changeset 7293:d588987701f4

HTTP/2: validate client request scheme. The scheme is validated as per RFC 3986, Section 3.1.
author Ruslan Ermilov <ru@nginx.com>
date Thu, 07 Jun 2018 11:47:10 +0300
parents f9661f56c717
children 21ad2af3262c
files src/http/v2/ngx_http_v2.c
diffstat 1 files changed, 23 insertions(+), 0 deletions(-) [+]
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3474,6 +3474,9 @@ ngx_http_v2_parse_method(ngx_http_reques
 static ngx_int_t
 ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
 {
+    u_char      c, ch;
+    ngx_uint_t  i;
+
     if (r->schema_start) {
         ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                       "client sent duplicate :scheme header");
@@ -3488,6 +3491,26 @@ ngx_http_v2_parse_scheme(ngx_http_reques
         return NGX_DECLINED;
     }
 
+    for (i = 0; i < value->len; i++) {
+        ch = value->data[i];
+
+        c = (u_char) (ch | 0x20);
+        if (c >= 'a' && c <= 'z') {
+            continue;
+        }
+
+        if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+            && i > 0)
+        {
+            continue;
+        }
+
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent invalid :scheme header: \"%V\"", value);
+
+        return NGX_DECLINED;
+    }
+
     r->schema_start = value->data;
     r->schema_end = value->data + value->len;
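Review bot: The first-character rule is carried only by the trailing `&& i > 0` on the digit/`+`/`-`/`.` test, so a reader has to reconstruct the grammar from the two branches. A comment above the loop such as `/* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), RFC 3986, Section 3.1 */`, with a word on `ch | 0x20` folding ASCII case, would make the check auditable at a glance. Because the loop accepts upper-case letters, `r->schema_start`/`r->schema_end` can hold a mixed-case scheme, so any later comparison against a fixed scheme name would need to be case-insensitive; that code is not visible here. The rejected value is also written to the log verbatim through `%V`, so it is worth confirming that control bytes in pseudo-header values are filtered before this function runs. The function starts in the previous hunk and ends outside this one.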