# HG changeset patch # User Piotr Sikora <[email protected]> # Date 1490516709 25200 # Sun Mar 26 01:25:09 2017 -0700 # Node ID e2abc3bc3fc12b788d2631d3c47215acdc4ebbe6 # Parent 6263d68cb96042d8f8974a4a3945226227ce13b9 HTTP/2: reject HTTP/2 requests with connection-specific headers.
Signed-off-by: Piotr Sikora <[email protected]> diff -r 6263d68cb960 -r e2abc3bc3fc1 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -19,6 +19,8 @@ static ngx_int_t ngx_http_alloc_large_he static ngx_int_t ngx_http_process_header_line(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset); +static ngx_int_t ngx_http_process_http1_header_line(ngx_http_request_t *r, + ngx_table_elt_t *h, ngx_uint_t offset); static ngx_int_t ngx_http_process_unique_header_line(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset); static ngx_int_t ngx_http_process_multi_header_lines(ngx_http_request_t *r, @@ -146,7 +148,7 @@ ngx_http_header_t ngx_http_headers_in[] { ngx_string("Upgrade"), offsetof(ngx_http_headers_in_t, upgrade), - ngx_http_process_header_line }, + ngx_http_process_http1_header_line }, #if (NGX_HTTP_GZIP) { ngx_string("Accept-Encoding"), @@ -161,8 +163,13 @@ ngx_http_header_t ngx_http_headers_in[] offsetof(ngx_http_headers_in_t, authorization), ngx_http_process_unique_header_line }, - { ngx_string("Keep-Alive"), offsetof(ngx_http_headers_in_t, keep_alive), - ngx_http_process_header_line }, + { ngx_string("Keep-Alive"), + offsetof(ngx_http_headers_in_t, keep_alive), + ngx_http_process_http1_header_line }, + + { ngx_string("Proxy-Connection"), + offsetof(ngx_http_headers_in_t, proxy_connection), + ngx_http_process_http1_header_line }, #if (NGX_HTTP_X_FORWARDED_FOR) { ngx_string("X-Forwarded-For"), @@ -1618,6 +1625,35 @@ ngx_http_process_header_line(ngx_http_re static ngx_int_t +ngx_http_process_http1_header_line(ngx_http_request_t *r, ngx_table_elt_t *h, + ngx_uint_t offset) +{ + ngx_table_elt_t **ph; + + ph = (ngx_table_elt_t **) ((char *) &r->headers_in + offset); + + if (*ph == NULL) { + *ph = h; + } + +#if (NGX_HTTP_V2) + + if (r->stream) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent HTTP/2 request with \"%V\" header", + &h->key); + + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + +#endif + + return NGX_OK; +} + + +static ngx_int_t ngx_http_process_unique_header_line(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) { diff -r 6263d68cb960 -r e2abc3bc3fc1 src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -209,6 +209,7 @@ typedef struct { ngx_table_elt_t *authorization; ngx_table_elt_t *keep_alive; + ngx_table_elt_t *proxy_connection; #if (NGX_HTTP_X_FORWARDED_FOR) ngx_array_t x_forwarded_for; _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
