]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5208869)
BUG/MEDIUM: h2: remove connection-specific headers from request
authorWilly Tarreau <w@1wt.eu>
Sun, 3 Dec 2017 19:15:34 +0000 (20:15 +0100)
committerWilly Tarreau <w@1wt.eu>
Sun, 3 Dec 2017 20:09:18 +0000 (21:09 +0100)
h2spec rightfully outlines that we used not to reject these ones, and
they may cause trouble if presented, especially "upgrade".

Must be backported to 1.8.

src/h2.c patch | blob | blame | history

diff --git a/src/h2.c b/src/h2.c
index 83ef04363714b2eb77f442bbc9bad7f7e9c8cc43..64f27fe20def48501f36a0eb47dd5f23af62e42d 100644 (file)
--- a/src/h2.c
+++ b/src/h2.c
@@ -179,6 +179,14 @@ int h2_make_h1_request(struct http_hdr *list, char *out, int osize)
                if (isteq(list[idx].n, ist("host")))
                        fields |= H2_PHDR_FND_HOST;
 
+               /* these ones are forbidden in requests (RFC7540#8.1.2.2) */
+               if (isteq(list[idx].n, ist("connection")) ||
+                   isteq(list[idx].n, ist("proxy-connection")) ||
+                   isteq(list[idx].n, ist("keep-alive")) ||
+                   isteq(list[idx].n, ist("upgrade")) ||
+                   isteq(list[idx].n, ist("transfer-encoding")))
+                       goto fail;
+
                if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers")))
                        goto fail;
 
Mirror of https://github.com/haproxy/haproxy.git