HTTP/2: validate client request scheme.
The scheme is validated as per RFC 3986, Section 3.1.
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index 77ebb84..a35140c 100644
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3474,6 +3474,9 @@
static ngx_int_t
ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
{
+ u_char c, ch;
+ ngx_uint_t i;
+
if (r->schema_start) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent duplicate :scheme header");
@@ -3488,6 +3491,26 @@
return NGX_DECLINED;
}
+ for (i = 0; i < value->len; i++) {
+ ch = value->data[i];
+
+ c = (u_char) (ch | 0x20);
+ if (c >= 'a' && c <= 'z') {
+ continue;
+ }
+
+ if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+ && i > 0)
+ {
+ continue;
+ }
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent invalid :scheme header: \"%V\"", value);
+
+ return NGX_DECLINED;
+ }
+
r->schema_start = value->data;
r->schema_end = value->data + value->len;