Deny requerst if :authority field is invalid only with CONNECT method
Copied-from: hyperium#613
arthurlm committed Nov 3, 2023
1 parent ef743ec commit fe9b508
Showing 1 changed file with 21 additions and 7 deletions.
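--- a/src/server.rs
+++ b/src/server.rs
@@ -1527,13 +1527,27 @@ impl proto::Peer for Peer {
 // header
 if let Some(authority) = pseudo.authority {
 let maybe_authority = uri::Authority::from_maybe_shared(authority.clone().into_inner());
-parts.authority = Some(maybe_authority.or_else(|why| {
-malformed!(
-"malformed headers: malformed authority ({:?}): {}",
-authority,
-why,
-)
-})?);
+
+// `:authority` is required only with `CONNECT` method.
+// It should contains host and port. This is exactly what `uri::Authority` is
+// going to parse.
+//
+// See: https://datatracker.ietf.org/doc/html/rfc7540#section-8.3
+if is_connect {
+if let Err(why) = &maybe_authority {
+malformed!(
+"malformed headers: malformed authority ({:?}): {}",
+authority,
+why,
+);
+}
+}
+
+// `authority` is not required in HTTP/2, so it is safe to keep it `None`
+// in `parts`.
+//
+// See: https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.3
+parts.authority = maybe_authority.ok();
 }
 
 // A :scheme is required, except CONNECT.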
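Review bot: For every method other than CONNECT, `parts.authority = maybe_authority.ok();` now discards an unparseable `:authority` without any trace, so the application receives a request that looks the same as one where the client sent no authority at all. That matters for anything downstream that routes or authorizes by host, and the RFC 7540 §8.1.2.3 reference in the comment covers an omitted `:authority`, not an invalid one, so "safe to keep it `None`" is stronger than the cited text supports. I would at least record the dropped value in the non-CONNECT path, e.g. `tracing::debug!("ignoring malformed :authority ({:?}): {}", authority, why);` (assuming the crate's `tracing` facade is in scope here), and reword the comment to say the value is ignored rather than safe. The enclosing function starts and ends outside the hunk, so how `is_connect` is derived is not visible from here.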
