The current tests in h2_make_htx_request(), h2_make_htx_response()
and h2_make_htx_trailers() check for an interval between 'A' and 'Z'
for letters in header field names that should be forbidden, but
mistakenly leave the 'Z' out of the forbidden range, resulting in it
being implicitly valid.
This has no real consequences but should be fixed for the sake of
protocol validity checking.
This must be backported to all relevant versions.
(cherry picked from commit 7163d9180cb319db087221a683c0f2d02ffbf0be)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 82b546ff936285f855a02378c38aed8168fd646f)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 970a437c4b612ebb2acac75528dc9e32d1e1b412)
Signed-off-by: Willy Tarreau <w@1wt.eu>
phdr = h2_str_to_phdr(list[idx].n);
for (i = !!phdr; i < list[idx].n.len; i++)
- if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
+ if ((uint8_t)(list[idx].n.ptr[i] - 'A') <= 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
goto fail;
}
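Review bot: the changed `if` open-codes the range test `(uint8_t)(list[idx].n.ptr[i] - 'A') <= 'Z' - 'A'`, and the identical expression is repeated in the two other loops touched by this patch, which is how the same off-by-one ended up in all three. Consider moving the test into one small helper or macro alongside HTTP_IS_TOKEN so the bound is stated once and cannot drift between the request, response and trailers paths.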
phdr = h2_str_to_phdr(list[idx].n);
for (i = !!phdr; i < list[idx].n.len; i++)
- if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
+ if ((uint8_t)(list[idx].n.ptr[i] - 'A') <= 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
goto fail;
}
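Review bot: the comparison on the `+` line depends on the `(uint8_t)` cast wrapping bytes below 'A' to large values so that a single `<=` covers the whole 'A'..'Z' range, and nothing next to the loop says so. A one-line comment stating that the bound is inclusive (offsets 0 through 'Z' - 'A') would make a future `<` versus `<=` slip easier to catch in review.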
* also catches pseudo-headers which are forbidden in trailers.
*/
for (i = 0; i < list[idx].n.len; i++)
- if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
+ if ((uint8_t)(list[idx].n.ptr[i] - 'A') <= 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
goto fail;
/* these ones are forbidden in trailers (RFC7540#8.1.2.2) */
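Review bot: no test accompanies the corrected boundary in the lines shown; the trailers loop here, like the two loops before it, is fixed without anything that would fail if `<=` regressed to `<`. A regression test that sends a field name containing 'Z' (and one containing 'A') through the request, response and trailers paths and expects the `goto fail` outcome would pin the inclusive bound down across the backports the commit message asks for.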