New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reject HTTP/2 header values with invalid characters #12760
Merged
Merged
Commits on Sep 20, 2022
-
Motivation: In https://datatracker.ietf.org/doc/html/rfc7540#section-10.3 it says that only certain characters are valid in a header value: > Any request or response that contains a character not permitted > in a header field value MUST be treated as malformed (Section 8.1.2.6). > Valid characters are defined by the "field-content" ABNF rule in > Section 3.2 of [RFC7230]. Modification: Add a header value validation step to HpackDecoder. Result: Header values are now validated against the Section 10.3, etc. rules.
Configuration menu - View commit details
-
Copy full SHA for 7804234 - Browse repository at this point
Copy the full SHA 7804234View commit details -
Configuration menu - View commit details
-
Copy full SHA for ba309af - Browse repository at this point
Copy the full SHA ba309afView commit details -
Configuration menu - View commit details
-
Copy full SHA for 7a64b63 - Browse repository at this point
Copy the full SHA 7a64b63View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1e50b06 - Browse repository at this point
Copy the full SHA 1e50b06View commit details -
Configuration menu - View commit details
-
Copy full SHA for 05fccc2 - Browse repository at this point
Copy the full SHA 05fccc2View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6167cb2 - Browse repository at this point
Copy the full SHA 6167cb2View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0cd6d05 - Browse repository at this point
Copy the full SHA 0cd6d05View commit details -
Configuration menu - View commit details
-
Copy full SHA for 392e6e0 - Browse repository at this point
Copy the full SHA 392e6e0View commit details -
Specialize validation in HpackDecoder since it only produce AsciiStri…
…ng header names and values
Configuration menu - View commit details
-
Copy full SHA for cdf3258 - Browse repository at this point
Copy the full SHA cdf3258View commit details -
Configuration menu - View commit details
-
Copy full SHA for fcd4f4f - Browse repository at this point
Copy the full SHA fcd4f4fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9cc54d6 - Browse repository at this point
Copy the full SHA 9cc54d6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 23620a6 - Browse repository at this point
Copy the full SHA 23620a6View commit details -
Configuration menu - View commit details
-
Copy full SHA for bd406d3 - Browse repository at this point
Copy the full SHA bd406d3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 73d119f - Browse repository at this point
Copy the full SHA 73d119fView commit details
Commits on Sep 21, 2022
-
Configuration menu - View commit details
-
Copy full SHA for e45ea6a - Browse repository at this point
Copy the full SHA e45ea6aView commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.