Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 39faba79f254dac92668f4852db4ef67a8421658
commit39faba79f254dac92668f4852db4ef67a8421658[log] [tgz]
authorAmaury Denoyelle <adenoyelle@haproxy.com>Fri Aug 13 09:43:24 2021 +0200
committerWilly Tarreau <w@1wt.eu>Tue Aug 17 10:31:04 2021 +0200
treef021c581961bcdbd393e422793b82080ed788bec
parentb4934f044706e35a61de2e29b9d2a3ae7ae09f77 [diff]
REGTESTS: add a test to prevent h2 desync attacks

This test ensure that h2 pseudo headers are properly checked for invalid
characters and the host header is ignored if :authority is present. This
is necessary to prevent h2 desync attacks as described here
https://portswigger.net/research/http2

(cherry picked from commit 7ef244d73b073edf3d493ed826ca1b0233c330e0)
Signed-off-by: Willy Tarreau <w@1wt.eu>
1 file changed
tree: f021c581961bcdbd393e422793b82080ed788bec
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. BRANCHES
  17. CHANGELOG
  18. CONTRIBUTING
  19. INSTALL
  20. LICENSE
  21. MAINTAINERS
  22. Makefile
  23. README
  24. ROADMAP
  25. SUBVERS
  26. VERDATE
  27. VERSION