[PATCH] HTTP/2: reject HTTP/2 requests with "Connection" header

Valentin V. Bartenev vbart at nginx.com
Thu Jun 8 15:17:38 UTC 2017


On Sunday 26 March 2017 01:41:18 Piotr Sikora via nginx-devel wrote:
> # HG changeset patch
> # User Piotr Sikora <piotrsikora at google.com>
> # Date 1490516709 25200
> #      Sun Mar 26 01:25:09 2017 -0700
> # Node ID b8daccea5fde213d4b7a10fa9f57070ab3b6a1ec
> # Parent  22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
> HTTP/2: reject HTTP/2 requests with "Connection" header.
> 
> While there, populate r->headers_in.connection.
> 
> Signed-off-by: Piotr Sikora <piotrsikora at google.com>
> 
> diff -r 22be63bf21ed -r b8daccea5fde src/http/ngx_http_request.c
> --- a/src/http/ngx_http_request.c
> +++ b/src/http/ngx_http_request.c
> @@ -1659,6 +1659,22 @@ static ngx_int_t
>  ngx_http_process_connection(ngx_http_request_t *r, ngx_table_elt_t *h,
>      ngx_uint_t offset)
>  {
> +    if (r->headers_in.connection == NULL) {
> +        r->headers_in.connection = h;
> +    }
> +
> +#if (NGX_HTTP_V2)
> +
> +    if (r->http_version >= NGX_HTTP_VERSION_20) {
> +        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
> +                      "client sent HTTP/2 request with \"Connection\" header");
> +
> +        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
> +        return NGX_ERROR;
> +    }
> +
> +#endif
> +
>      if (ngx_strcasestrn(h->value.data, "close", 5 - 1)) {
>          r->headers_in.connection_type = NGX_HTTP_CONNECTION_CLOSE;
>  
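
Review bot: the store into r->headers_in.connection at the top of ngx_http_process_connection() sits before the NGX_HTTP_V2 block, so a request that is about to be finalized with NGX_HTTP_BAD_REQUEST still has the field populated first; consider moving the HTTP/2 rejection ahead of the assignment so the handler does no work on a request it rejects. The assignment is also guarded by a NULL check, so only the first header passed to this handler is recorded, while the ngx_strcasestrn() test that follows runs on every header it receives; a short comment saying this is intended would help. Since the commit message describes the population as done "while there", splitting it into its own changeset would keep the rejection change easier to review and revert.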

Since HTTP/2 is a separate protocol and not just GET / HTTP/2.0, the
r->stream pointer should be tested instead (like in many other
places).

  wbr, Valentin V. Bartenev
