From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 5 Feb 2022 22:51:05 +0000 (+0100)
Subject: http2: allow CURLOPT_HTTPHEADER change ":scheme"
X-Git-Tag: curl-7_82_0~121
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c85178a94c3707e5c49e079bd4c0b7b97e91da1e;p=thirdparty%2Fcurl.git

http2: allow CURLOPT_HTTPHEADER change ":scheme"

The only h2 psuedo header that wasn't previously possible to change by a
user. This change also makes it impossible to send a HTTP/1 header that
starts with a colon, which I don't think anyone does anyway.

The other pseudo headers are possible to change indirectly by doing the
rightly crafted request.

Reported-by: siddharthchhabrap on github
Fixes #8381
Closes #8393
---

diff --git a/lib/http.c b/lib/http.c
index d9043bcad7..1c898a78b9 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1858,7 +1858,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data,
           ptr = optr;
         }
       }
-      if(ptr) {
+      if(ptr && (ptr != headers->data)) {
         /* we require a colon for this to be a true header */
 
         ptr++; /* pass the colon */
diff --git a/lib/http2.c b/lib/http2.c
index b5e322bcab..1f06c1c9fb 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -36,6 +36,7 @@
 #include "connect.h"
 #include "strtoofft.h"
 #include "strdup.h"
+#include "transfer.h"
 #include "dynbuf.h"
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -1917,6 +1918,7 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
   int32_t stream_id;
   nghttp2_session *h2 = httpc->h2;
   nghttp2_priority_spec pri_spec;
+  char *vptr;
 
   (void)sockindex;
 
@@ -2049,10 +2051,21 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
 
   nva[2].name = (unsigned char *) H2_PSEUDO_SCHEME;
   nva[2].namelen = sizeof(H2_PSEUDO_SCHEME) - 1;
-  if(conn->handler->flags & PROTOPT_SSL)
-    nva[2].value = (unsigned char *)"https";
-  else
-    nva[2].value = (unsigned char *)"http";
+
+  vptr = Curl_checkheaders(data, H2_PSEUDO_SCHEME);
+  if(vptr) {
+    vptr += sizeof(H2_PSEUDO_SCHEME);
+    while(*vptr && ISSPACE(*vptr))
+      vptr++;
+    nva[2].value = (unsigned char *)vptr;
+    infof(data, "set pseduo header %s to %s", H2_PSEUDO_SCHEME, vptr);
+  }
+  else {
+    if(conn->handler->flags & PROTOPT_SSL)
+      nva[2].value = (unsigned char *)"https";
+    else
+      nva[2].value = (unsigned char *)"http";
+  }
   nva[2].valuelen = strlen((char *)nva[2].value);
   nva[2].flags = NGHTTP2_NV_FLAG_NONE;
   if(HEADER_OVERFLOW(nva[2])) {