BUG/MINOR: h2: reject response pseudo-headers from requests

At the moment there's only ":status". Let's block it early when parsing
the request. Otherwise it would be blocked by the HTTP/1 code anyway.
This silences another h2spec issue.

To backport to 1.8.

diff --git a/src/h2.c b/src/h2.c
index 41565c04bbd0da95d234aa5040c17839b0f123ad..83ef04363714b2eb77f442bbc9bad7f7e9c8cc43 100644 (file)
--- a/src/h2.c
+++ b/src/h2.c
@@ -212,6 +212,10 @@ int h2_make_h1_request(struct http_hdr *list, char *out, int osize)
                *(out++) = '\n';
        }
 
+       /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
+       if (fields & H2_PHDR_FND_STAT)
+               goto fail;
+
        /* Let's dump the request now if not yet emitted. */
        if (!(fields & H2_PHDR_FND_NONE)) {
                ret = h2_prepare_h1_reqline(fields, phdr_val, &out, out_end);