HTTP/2: validate client request scheme. The scheme is validated as per RFC 3986, Section 3.1.

commit: b2e7a342d5938941c58a8fb86602c4ef0af8fa1b [log] [tgz]
author: Ruslan Ermilov <ru@nginx.com> Thu Jun 07 11:47:10 2018 +0300
committer: Ruslan Ermilov <ru@nginx.com> Thu Jun 07 11:47:10 2018 +0300
tree: bad44a8d75d94f5859329aa36a97b082e0738161
parent: 1491a1f3d17a90092a51452f5b0d9124d565249c [diff]
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index 77ebb84..a35140c 100644
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c

@@ -3474,6 +3474,9 @@
 static ngx_int_t
 ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
 {
+    u_char      c, ch;
+    ngx_uint_t  i;
+
     if (r->schema_start) {
         ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                       "client sent duplicate :scheme header");
@@ -3488,6 +3491,26 @@
         return NGX_DECLINED;
     }
 
+    for (i = 0; i < value->len; i++) {
+        ch = value->data[i];
+
+        c = (u_char) (ch | 0x20);
+        if (c >= 'a' && c <= 'z') {
+            continue;
+        }
+
+        if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+            && i > 0)
+        {
+            continue;
+        }
+
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent invalid :scheme header: \"%V\"", value);
+
+        return NGX_DECLINED;
+    }
+
     r->schema_start = value->data;
     r->schema_end = value->data + value->len;
commit	b2e7a342d5938941c58a8fb86602c4ef0af8fa1b	[log] [tgz]
author	Ruslan Ermilov <ru@nginx.com>	Thu Jun 07 11:47:10 2018 +0300
committer	Ruslan Ermilov <ru@nginx.com>	Thu Jun 07 11:47:10 2018 +0300
tree	bad44a8d75d94f5859329aa36a97b082e0738161
parent	1491a1f3d17a90092a51452f5b0d9124d565249c [diff]