From: Willy Tarreau Date: Sun, 3 Dec 2017 19:15:34 +0000 (+0100) Subject: BUG/MEDIUM: h2: remove connection-specific headers from request X-Git-Tag: v1.9-dev1~613 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe7c356be67335d92d41decd13468b862a562337;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: h2: remove connection-specific headers from request h2spec rightfully outlines that we used not to reject these ones, and they may cause trouble if presented, especially "upgrade". Must be backported to 1.8. --- diff --git a/src/h2.c b/src/h2.c index 83ef043637..64f27fe20d 100644 --- a/src/h2.c +++ b/src/h2.c @@ -179,6 +179,14 @@ int h2_make_h1_request(struct http_hdr *list, char *out, int osize) if (isteq(list[idx].n, ist("host"))) fields |= H2_PHDR_FND_HOST; + /* these ones are forbidden in requests (RFC7540#8.1.2.2) */ + if (isteq(list[idx].n, ist("connection")) || + isteq(list[idx].n, ist("proxy-connection")) || + isteq(list[idx].n, ist("keep-alive")) || + isteq(list[idx].n, ist("upgrade")) || + isteq(list[idx].n, ist("transfer-encoding"))) + goto fail; + if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers"))) goto fail;
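Review bot: The new block in h2_make_h1_request() compares header names against lowercase literals only ("connection", "proxy-connection", "keep-alive", "upgrade", "transfer-encoding") using isteq(), so the rejection is effective only if every name reaching this point is already lowercase. Nothing in the visible context shows uppercase names being rejected or normalized before this test. If that invariant is not enforced elsewhere, a name such as "Upgrade" would skip the `goto fail` and be copied into the H1 request. Please either state in the comment where the lowercase guarantee comes from or use a case-insensitive comparison here. Two smaller points: the comment says "forbidden in requests" while the function name is the only thing tying the check to the request path, so it is worth noting whether the response path needs the same filter; and since all five names share one `goto fail`, a rejected request gives no hint of which header triggered it, which makes h2spec failures and field reports harder to diagnose.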