http2: allow CURLOPT_HTTPHEADER change ":scheme"

The only h2 psuedo header that wasn't previously possible to change by a
user. This change also makes it impossible to send a HTTP/1 header that
starts with a colon, which I don't think anyone does anyway.

The other pseudo headers are possible to change indirectly by doing the
rightly crafted request.

Reported-by: siddharthchhabrap on github
Fixes #8381
Closes #8393

diff --git a/lib/http.c b/lib/http.c
index d9043bcad796d3c2c37a0e060e982d9602fdfa8f..1c898a78b918572c7c01744fb15c60d1ea7d412c 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -1858,7 +1858,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data,
           ptr = optr;
         }
       }
-      if(ptr) {
+      if(ptr && (ptr != headers->data)) {
         /* we require a colon for this to be a true header */
 
         ptr++; /* pass the colon */

diff --git a/lib/http2.c b/lib/http2.c
index b5e322bcabf491e18397bd184f937ff0bcdef34e..1f06c1c9fb0bf5370683365779cb9f1806dcd6b0 100644 (file)
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -36,6 +36,7 @@
 #include "connect.h"
 #include "strtoofft.h"
 #include "strdup.h"
+#include "transfer.h"
 #include "dynbuf.h"
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -1917,6 +1918,7 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
   int32_t stream_id;
   nghttp2_session *h2 = httpc->h2;
   nghttp2_priority_spec pri_spec;
+  char *vptr;
 
   (void)sockindex;
 
@@ -2049,10 +2051,21 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
 
   nva[2].name = (unsigned char *) H2_PSEUDO_SCHEME;
   nva[2].namelen = sizeof(H2_PSEUDO_SCHEME) - 1;
-  if(conn->handler->flags & PROTOPT_SSL)
-    nva[2].value = (unsigned char *)"https";
-  else
-    nva[2].value = (unsigned char *)"http";
+
+  vptr = Curl_checkheaders(data, H2_PSEUDO_SCHEME);
+  if(vptr) {
+    vptr += sizeof(H2_PSEUDO_SCHEME);
+    while(*vptr && ISSPACE(*vptr))
+      vptr++;
+    nva[2].value = (unsigned char *)vptr;
+    infof(data, "set pseduo header %s to %s", H2_PSEUDO_SCHEME, vptr);
+  }
+  else {
+    if(conn->handler->flags & PROTOPT_SSL)
+      nva[2].value = (unsigned char *)"https";
+    else
+      nva[2].value = (unsigned char *)"http";
+  }
   nva[2].valuelen = strlen((char *)nva[2].value);
   nva[2].flags = NGHTTP2_NV_FLAG_NONE;
   if(HEADER_OVERFLOW(nva[2])) {