BUG/MEDIUM: h2: do not accept upper case letters in request header names
This is explicitly forbidden by 7540#8.1.2, and may be used to bypass
some of the other filters, so they must be blocked early. It removes
another issue reported by h2spec.
To backport to 1.8.
diff --git a/src/h2.c b/src/h2.c
index 64f27fe..43ed7f3 100644
--- a/src/h2.c
+++ b/src/h2.c
@@ -133,6 +133,7 @@
int ck, lck; /* cookie index and last cookie index */
int phdr;
int ret;
+ int i;
lck = ck = -1; // no cookie for now
fields = 0;
@@ -143,6 +144,11 @@
}
else {
/* this can be any type of header */
+ /* RFC7540#8.1.2: upper case not allowed in header field names */
+ for (i = 0; i < list[idx].n.len; i++)
+ if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A')
+ goto fail;
+
phdr = h2_str_to_phdr(list[idx].n);
}