BUG/MINOR: h2: reject response pseudo-headers from requests At the moment there's only ":status". Let's block it early when parsing the request. Otherwise it would be blocked by the HTTP/1 code anyway. This silences another h2spec issue. To backport to 1.8.

commit: 520886990fbc4d40bd7dd8d788d4e79326fc64c5 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Sun Dec 03 20:13:54 2017 +0100
committer: Willy Tarreau <w@1wt.eu> Sun Dec 03 21:08:43 2017 +0100
tree: d55bcf328d87397a0ffe7fd4b1742a95b47e23c9
parent: 92153fccd349762ca59ed2a6d0646515476217d2 [diff] [blame]
diff --git a/src/h2.c b/src/h2.c
index 41565c0..83ef043 100644
--- a/src/h2.c
+++ b/src/h2.c

@@ -212,6 +212,10 @@
 		*(out++) = '\n';
 	}
 
+	/* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
+	if (fields & H2_PHDR_FND_STAT)
+		goto fail;
+
 	/* Let's dump the request now if not yet emitted. */
 	if (!(fields & H2_PHDR_FND_NONE)) {
 		ret = h2_prepare_h1_reqline(fields, phdr_val, &out, out_end);
commit	520886990fbc4d40bd7dd8d788d4e79326fc64c5	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Sun Dec 03 20:13:54 2017 +0100
committer	Willy Tarreau <w@1wt.eu>	Sun Dec 03 21:08:43 2017 +0100
tree	d55bcf328d87397a0ffe7fd4b1742a95b47e23c9
parent	92153fccd349762ca59ed2a6d0646515476217d2 [diff] [blame]