[PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header
Valentin V. Bartenev
vbart at nginx.com
Mon Mar 27 20:01:08 UTC 2017
On Sunday 26 March 2017 01:41:17 Piotr Sikora via nginx-devel wrote:
> # HG changeset patch
> # User Piotr Sikora <piotrsikora at google.com>
> # Date 1490516708 25200
> # Sun Mar 26 01:25:08 2017 -0700
> # Node ID 6bb029b1df11662ba11e190490cf1ed175fcfaa6
> # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
> HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header.
>
> While there, fix typo in error logs about it.
>
> Signed-off-by: Piotr Sikora <piotrsikora at google.com>
>
> diff -r 22be63bf21ed -r 6bb029b1df11 src/http/v2/ngx_http_v2.c
> --- a/src/http/v2/ngx_http_v2.c
> +++ b/src/http/v2/ngx_http_v2.c
> @@ -3219,14 +3219,14 @@ ngx_http_v2_parse_scheme(ngx_http_reques
> {
> if (r->schema_start) {
> ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
> - "client sent duplicate :schema header");
> + "client sent duplicate :scheme header");
>
> return NGX_DECLINED;
> }
>
> if (header->value.len == 0) {
> ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
> - "client sent empty :schema header");
> + "client sent empty :scheme header");
>
> return NGX_DECLINED;
> }
This part of patch can be added to the style one:
"HTTP/2: style and typos."
> @@ -3291,6 +3291,7 @@ ngx_http_v2_construct_request_line(ngx_h
> static const u_char ending[] = " HTTP/2.0";
>
> if (r->method_name.len == 0
> + || r->schema_start == NULL
> || r->unparsed_uri.len == 0)
> {
> ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
Is there any practical reason to force this restriction?
wbr, Valentin V. Bartenev
More information about the nginx-devel
mailing list