REGTESTS: add a test to prevent h2 desync attacks
author Amaury Denoyelle <adenoyelle@haproxy.com>
Fri, 13 Aug 2021 07:43:24 +0000 (09:43 +0200)
committer Willy Tarreau <w@1wt.eu>
Tue, 17 Aug 2021 08:22:20 +0000 (10:22 +0200)
commit 7ef244d73b073edf3d493ed826ca1b0233c330e0
tree 1a3553edc026e7fe835f44199c51a3fc7d30ad01
parent b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
REGTESTS: add a test to prevent h2 desync attacks

This test ensures that h2 pseudo headers are properly checked for invalid
characters and the host header is ignored if :authority is present. This
is necessary to prevent h2 desync attacks as described here:
https://portswigger.net/research/http2
reg-tests/http-messaging/h2_desync_attacks.vtc [new file with mode: 0644]
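
The two checks named in the commit message, sketched as an added Python example; this is not HAProxy's code and not the contents of the .vtc file. Assumptions: the rejected character sets follow RFC 9113 (CR, LF and NUL in any field, plus whitespace in pseudo-headers), CONNECT requests are out of scope, and `h2_to_h1_head` and `H2RequestError` are hypothetical names.

```python
# Added illustration; not HAProxy code. Character rules are assumptions (RFC 9113).
FORBIDDEN_ANY = frozenset("\r\n\0")                  # never valid in a field value
FORBIDDEN_PSEUDO = FORBIDDEN_ANY | frozenset(" \t")  # assumption: no whitespace either


class H2RequestError(ValueError):
    """The request must be rejected instead of being forwarded."""


def h2_to_h1_head(headers):
    """Turn a decoded h2 header list [(name, value), ...] into an HTTP/1.1 head.

    Hypothetical helper for non-CONNECT requests only.
    """
    pseudo, regular = {}, []
    for name, value in headers:
        if name.startswith(":"):
            if regular:
                raise H2RequestError("pseudo-header after a regular header")
            if name in pseudo:
                raise H2RequestError(f"duplicate {name}")
            if FORBIDDEN_PSEUDO & set(value):
                raise H2RequestError(f"invalid character in {name}")
            pseudo[name] = value
        else:
            if FORBIDDEN_ANY & set(name + value):
                raise H2RequestError(f"invalid character in {name!r}")
            regular.append((name, value))
    for required in (":method", ":scheme", ":path"):
        if not pseudo.get(required):
            raise H2RequestError(f"missing {required}")

    lines = [f"{pseudo[':method']} {pseudo[':path']} HTTP/1.1"]
    if ":authority" in pseudo:
        # :authority wins: any client-supplied host header is dropped.
        regular = [(n, v) for n, v in regular if n.lower() != "host"]
        lines.append(f"host: {pseudo[':authority']}")
    lines += [f"{n}: {v}" for n, v in regular]
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample: both :authority and host are present.
SAMPLE = [(":method", "GET"), (":scheme", "https"), (":path", "/"),
          (":authority", "front.example"), ("host", "internal.example"),
          ("accept", "*/*")]

if __name__ == "__main__":
    print(h2_to_h1_head(SAMPLE))
```

Rejecting the request outright, rather than stripping the offending bytes, keeps the front end and the HTTP/1.1 back end in agreement about where the request ends.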