2 requests with invalid "TE" header value

Piotr Sikora via nginx-devel Tue, 13 Jun 2017 05:21:08 -0700

# HG changeset patch
# User Piotr Sikora <[email protected]>
# Date 1490516709 25200
#      Sun Mar 26 01:25:09 2017 -0700
# Node ID 349648a6f91f9bd5cc80d22390b95c2239a8bfb3
# Parent  10c3f4c37f96ef496eff859b6f6815817e79455a
HTTP/2: reject HTTP/2 requests with invalid "TE" header value.


Signed-off-by: Piotr Sikora <[email protected]>

diff -r 10c3f4c37f96 -r 349648a6f91f src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -27,6 +27,8 @@ static ngx_int_t ngx_http_process_host(n
     ngx_table_elt_t *h, ngx_uint_t offset);
 static ngx_int_t ngx_http_process_connection(ngx_http_request_t *r,
     ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_process_te(ngx_http_request_t *r,
+    ngx_table_elt_t *h, ngx_uint_t offset);
 static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r,
     ngx_table_elt_t *h, ngx_uint_t offset);
 
@@ -128,6 +130,10 @@ ngx_http_header_t  ngx_http_headers_in[]
                  offsetof(ngx_http_headers_in_t, if_range),
                  ngx_http_process_unique_header_line },
 
+    { ngx_string("TE"),
+                 offsetof(ngx_http_headers_in_t, te),
+                 ngx_http_process_te },
+
     { ngx_string("Transfer-Encoding"),
                  offsetof(ngx_http_headers_in_t, transfer_encoding),
                  ngx_http_process_header_line },
@@ -1706,6 +1712,37 @@ ngx_http_process_connection(ngx_http_req
 
 
 static ngx_int_t
+ngx_http_process_te(ngx_http_request_t *r, ngx_table_elt_t *h,
+    ngx_uint_t offset)
+{
+    if (r->headers_in.te == NULL) {
+        r->headers_in.te = h;
+    }
+
+    if (h->value.len == sizeof("trailers") - 1
+        && ngx_memcmp(h->value.data, "trailers", sizeof("trailers") - 1) == 0)
+    {
+        return NGX_OK;
+    }
+
+#if (NGX_HTTP_V2)
+
+    if (r->stream) {
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent HTTP/2 request with invalid header value: "
+                      "\"TE: %V\"", &h->value);
+
+        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+        return NGX_ERROR;
+    }
+
+#endif
+
+    return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
     ngx_uint_t offset)
 {
diff -r 10c3f4c37f96 -r 349648a6f91f src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -196,6 +196,7 @@ typedef struct {
     ngx_table_elt_t                  *range;
     ngx_table_elt_t                  *if_range;
 
+    ngx_table_elt_t                  *te;
     ngx_table_elt_t                  *transfer_encoding;
     ngx_table_elt_t                  *expect;
     ngx_table_elt_t                  *upgrade;
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[PATCH 2 of 4] HTTP/2: reject HTTP/2 requests with invalid "TE" header value

Reply via email to