Ensure the pseudo-header scheme is constituted only of valid characters
according to RFC 9110. If an invalid value is found, the request is
rejected and the stream is reset.
It's the same as for previous commit "BUG/MEDIUM: h3: ensure the
":method" pseudo header is totally valid" except that this time it
applies to the ":scheme" pseudo header.
This must be backported up to 2.6.
len = -1;
goto out;
}
+
+ if (!http_validate_scheme(list[hdr_idx].v)) {
+ TRACE_ERROR("invalid scheme pseudo-header", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
+ h3s->err = H3_ERR_MESSAGE_ERROR;
+ qcc_report_glitch(h3c->qcc, 1);
+ len = -1;
+ goto out;
+ }
+
scheme = list[hdr_idx].v;
}
else if (isteq(list[hdr_idx].n, ist(":authority"))) {
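Review bot: The new `http_validate_scheme()` check in the `:scheme` branch has no comment saying what is being rejected or why it runs before the value is assigned to `scheme`. A one-line comment would help anyone backporting it, for example `/* reject a ":scheme" holding characters outside the URI scheme syntax; the stream is reset with H3_ERR_MESSAGE_ERROR */`. Whether the helper also rejects an empty value is not visible from this hunk. If it only scans characters, an empty `:scheme` would pass this check, so it is worth confirming that case is caught elsewhere in the function. The enclosing function starts and ends outside the hunk.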