[nginx] HTTP/2: validate client request scheme.

Ruslan Ermilov ru at nginx.com
Thu Jun 7 19:01:17 UTC 2018


details:   http://hg.nginx.org/nginx/rev/d588987701f4
branches:  
changeset: 7293:d588987701f4
user:      Ruslan Ermilov <ru at nginx.com>
date:      Thu Jun 07 11:47:10 2018 +0300
description:
HTTP/2: validate client request scheme.

The scheme is validated as per RFC 3986, Section 3.1.

diffstat:

 src/http/v2/ngx_http_v2.c |  23 +++++++++++++++++++++++
 1 files changed, 23 insertions(+), 0 deletions(-)

diffs (40 lines):

diff -r f9661f56c717 -r d588987701f4 src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c	Thu May 24 12:06:35 2018 +0300
+++ b/src/http/v2/ngx_http_v2.c	Thu Jun 07 11:47:10 2018 +0300
@@ -3474,6 +3474,9 @@ ngx_http_v2_parse_method(ngx_http_reques
 static ngx_int_t
 ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
 {
+    u_char      c, ch;
+    ngx_uint_t  i;
+
     if (r->schema_start) {
         ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                       "client sent duplicate :scheme header");
@@ -3488,6 +3491,26 @@ ngx_http_v2_parse_scheme(ngx_http_reques
         return NGX_DECLINED;
     }
 
+    for (i = 0; i < value->len; i++) {
+        ch = value->data[i];
+
+        c = (u_char) (ch | 0x20);
+        if (c >= 'a' && c <= 'z') {
+            continue;
+        }
+
+        if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+            && i > 0)
+        {
+            continue;
+        }
+
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent invalid :scheme header: \"%V\"", value);
+
+        return NGX_DECLINED;
+    }
+
     r->schema_start = value->data;
     r->schema_end = value->data + value->len;
 
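Review bot: The loop added at the top of this hunk encodes the RFC 3986 scheme grammar, but nothing in the code says so; the `| 0x20` case fold and the `i > 0` guard are the only hints that the first octet must be ALPHA and that digits, `+`, `-` and `.` are allowed only afterwards. A one-line comment above the `for` would spare the next reader a trip to the RFC: `/* RFC 3986, 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */`. An empty value is presumably rejected by the check that ends just before this hunk; if it is not, the loop never runs and an empty scheme passes through, so that precondition is worth stating in the same comment. The rejected value is echoed raw into the error log with `%V`, matching the existing duplicate-header message, but HTTP/2 header values may carry arbitrary octets, so confirm the log sink is expected to receive them unescaped. ngx_http_v2_parse_scheme begins in the previous hunk and continues past the end of this one.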

