BUG/MINOR: h2: reject response pseudo-headers from requests
At the moment there's only ":status". Let's block it early when parsing
the request. Otherwise it would be blocked by the HTTP/1 code anyway.
This silences another h2spec issue.
To backport to 1.8.
diff --git a/src/h2.c b/src/h2.c
index 41565c0..83ef043 100644
--- a/src/h2.c
+++ b/src/h2.c
@@ -212,6 +212,10 @@
*(out++) = '\n';
}
+ /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
+ if (fields & H2_PHDR_FND_STAT)
+ goto fail;
+
/* Let's dump the request now if not yet emitted. */
if (!(fields & H2_PHDR_FND_NONE)) {
ret = h2_prepare_h1_reqline(fields, phdr_val, &out, out_end);