diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2026-04-08 17:19:24 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arutyunyan.roman@gmail.com> | 2026-04-14 09:53:13 +0400 |
| commit | d3a76322cf7abedb32b8216d1e5c0cef4858e4d4 (patch) | |
| tree | a3efc33a7486dae0450ce0ebf7f05c0b833565e9 /src/http/v2 | |
| parent | 00979ba9d843be266529067285b635070f2d1993 (diff) | |
| download | nginx-d3a76322cf7abedb32b8216d1e5c0cef4858e4d4.tar.gz nginx-d3a76322cf7abedb32b8216d1e5c0cef4858e4d4.tar.bz2 | |
Restrict connection-specific headers in HTTP/2 and HTTP/3
As per RFC 9113 and RFC 9114, any message containing such headers MUST be
treated as malformed.
As per RFC 9110, Section 7.6.1, the following headers are considered
connection-specific:
- Connection
- Proxy-Connection
- Keep-Alive
- TE
- Transfer-Encoding
- Upgrade
The only exception is the TE header field, which MAY be present in a
request header, but it MUST NOT contain any value other than "trailers".
Diffstat (limited to 'src/http/v2')
| -rw-r--r-- | src/http/v2/ngx_http_v2.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c index efe22903f..336718bad 100644 --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -3820,6 +3820,45 @@ ngx_http_v2_run_request(ngx_http_request_t *r) r->http_state = NGX_HTTP_PROCESS_REQUEST_STATE; + if (r->headers_in.connection) { + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client sent \"Connection\" header"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + goto failed; + } + + if (r->headers_in.keep_alive) { + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client sent \"Keep-Alive\" header"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + goto failed; + } + + if (r->headers_in.transfer_encoding) { + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client sent \"Transfer-Encoding\" header"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + goto failed; + } + + if (r->headers_in.upgrade) { + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client sent \"Upgrade\" header"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + goto failed; + } + + if (r->headers_in.te + && (r->headers_in.te->value.len != 8 + || ngx_strncasecmp(r->headers_in.te->value.data, + (u_char *) "trailers", 8) != 0)) + { + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client sent invalid \"TE\" header"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + goto failed; + } + if (r->headers_in.server.len == 0) { ngx_log_error(NGX_LOG_INFO, fc->log, 0, "client sent neither \":authority\" nor \"Host\" header"); |