[PATCH] HTTP/2: reject HTTP/2 requests with invalid "TE" header value

Piotr Sikora piotrsikora at google.com
Wed May 31 23:13:56 UTC 2017


# HG changeset patch
# User Piotr Sikora <piotrsikora at google.com>
# Date 1496272340 25200
#      Wed May 31 16:12:20 2017 -0700
# Node ID a8050d50338bf127d57f820744a498517bf44b68
# Parent  ab6ef3037840393752d82fac01ea1eb4f972301c
HTTP/2: reject HTTP/2 requests with invalid "TE" header value.

Signed-off-by: Piotr Sikora <piotrsikora at google.com>

diff -r ab6ef3037840 -r a8050d50338b src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -27,6 +27,8 @@ static ngx_int_t ngx_http_process_host(n
     ngx_table_elt_t *h, ngx_uint_t offset);
 static ngx_int_t ngx_http_process_connection(ngx_http_request_t *r,
     ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_process_te(ngx_http_request_t *r,
+    ngx_table_elt_t *h, ngx_uint_t offset);
 static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r,
     ngx_table_elt_t *h, ngx_uint_t offset);
 
@@ -128,6 +130,10 @@ ngx_http_header_t  ngx_http_headers_in[]
                  offsetof(ngx_http_headers_in_t, if_range),
                  ngx_http_process_unique_header_line },
 
+    { ngx_string("TE"),
+                 offsetof(ngx_http_headers_in_t, te),
+                 ngx_http_process_te },
+
     { ngx_string("Transfer-Encoding"),
                  offsetof(ngx_http_headers_in_t, transfer_encoding),
                  ngx_http_process_header_line },
@@ -1690,6 +1696,41 @@ ngx_http_process_connection(ngx_http_req
 
 
 static ngx_int_t
+ngx_http_process_te(ngx_http_request_t *r, ngx_table_elt_t *h,
+    ngx_uint_t offset)
+{
+    if (r->headers_in.te == NULL) {
+        r->headers_in.te = h;
+    }
+
+    if (r->http_version <= NGX_HTTP_VERSION_11) {
+        return NGX_OK;
+    }
+
+    if (h->value.len == sizeof("trailers") - 1
+        && ngx_memcmp(h->value.data, "trailers", sizeof("trailers") - 1) == 0)
+    {
+        return NGX_OK;
+    }
+
+#if (NGX_HTTP_V2)
+
+    if (r->http_version >= NGX_HTTP_VERSION_20) {
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent HTTP/2 request with invalid header value: "
+                      "\"TE: %V\"", &h->value);
+
+        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+        return NGX_ERROR;
+    }
+
+#endif
+
+    return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
     ngx_uint_t offset)
 {
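Review bot: The length-and-`ngx_memcmp` test in `ngx_http_process_te()` matches `trailers` byte-for-byte, so an HTTP/2 request carrying `TE: Trailers` gets a 400 even though the token is case-insensitive in the HTTP grammar. The check fails closed, so this is not a bypass, but it can turn away conforming clients; if a case-insensitive match is intended, the second operand could read `&& ngx_strncasecmp(h->value.data, (u_char *) "trailers", sizeof("trailers") - 1) == 0`. Whether the value reaches this handler with surrounding whitespace already trimmed is not visible in the hunk and is worth confirming, since the exact-length test would reject a padded value as well. A one-line comment above the comparison, for example `/* RFC 7540, 8.1.2.2: TE in an HTTP/2 request may only contain "trailers" */`, would record why HTTP/1.x requests return early and why everything else is refused.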
diff -r ab6ef3037840 -r a8050d50338b src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -196,6 +196,7 @@ typedef struct {
     ngx_table_elt_t                  *range;
     ngx_table_elt_t                  *if_range;
 
+    ngx_table_elt_t                  *te;
     ngx_table_elt_t                  *transfer_encoding;
     ngx_table_elt_t                  *expect;
     ngx_table_elt_t                  *upgrade;

