Diffstat (limited to 'src/http')
-rw-r--r--src/http/v2/ngx_http_v2_filter_module.c12
-rw-r--r--src/http/v3/ngx_http_v3_parse.c6
-rw-r--r--src/http/v3/ngx_http_v3_request.c13
3 files changed, 21 insertions, 10 deletions
diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index 907906a88..6b73b1e68 100644
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -32,7 +32,8 @@ static ngx_int_t ngx_http_v2_early_hints_filter(ngx_http_request_t *r);
static ngx_int_t ngx_http_v2_init_stream(ngx_http_request_t *r);
static ngx_http_v2_out_frame_t *ngx_http_v2_create_headers_frame(
- ngx_http_request_t *r, u_char *pos, u_char *end, ngx_uint_t fin);
+ ngx_http_request_t *r, u_char *pos, u_char *end, ngx_uint_t fin,
+ ngx_uint_t flush);
static ngx_http_v2_out_frame_t *ngx_http_v2_create_trailers_frame(
ngx_http_request_t *r);
@@ -609,7 +610,7 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
fin = r->header_only
|| (r->headers_out.content_length_n == 0 && !r->expect_trailers);
- frame = ngx_http_v2_create_headers_frame(r, start, pos, fin);
+ frame = ngx_http_v2_create_headers_frame(r, start, pos, fin, 0);
if (frame == NULL) {
return NGX_ERROR;
}
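Review bot: The new fifth argument is passed as a bare `0` right after another bare flag (`fin`), and the same pattern recurs in the early-hints call (`0, 1`) and the trailers call (`1, 0`). Two adjacent `ngx_uint_t` flags are easy to transpose, and in the early-hints call a swap would set `b->last_buf` on the interim response instead of `b->flush`. A short comment above the definition of `ngx_http_v2_create_headers_frame` would pin the contract, for example `/* fin is stored in b->last_buf, flush in b->flush of the final buffer */`. The body of `ngx_http_v2_header_filter` continues outside this hunk.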
@@ -774,7 +775,7 @@ ngx_http_v2_early_hints_filter(ngx_http_request_t *r)
header[i].value.len, tmp);
}
- frame = ngx_http_v2_create_headers_frame(r, start, pos, 0);
+ frame = ngx_http_v2_create_headers_frame(r, start, pos, 0, 1);
if (frame == NULL) {
return NGX_ERROR;
}
@@ -825,7 +826,7 @@ ngx_http_v2_init_stream(ngx_http_request_t *r)
static ngx_http_v2_out_frame_t *
ngx_http_v2_create_headers_frame(ngx_http_request_t *r, u_char *pos,
- u_char *end, ngx_uint_t fin)
+ u_char *end, ngx_uint_t fin, ngx_uint_t flush)
{
u_char type, flags;
size_t rest, frame_size;
@@ -916,6 +917,7 @@ ngx_http_v2_create_headers_frame(ngx_http_request_t *r, u_char *pos,
}
b->last_buf = fin;
+ b->flush = flush;
cl->next = NULL;
frame->last = cl;
@@ -1038,7 +1040,7 @@ ngx_http_v2_create_trailers_frame(ngx_http_request_t *r)
header[i].value.len, tmp);
}
- return ngx_http_v2_create_headers_frame(r, start, pos, 1);
+ return ngx_http_v2_create_headers_frame(r, start, pos, 1, 0);
}
diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
index 436765c8a..bcbf0dbe1 100644
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@@ -623,6 +623,12 @@ ngx_http_v3_parse_literal(ngx_connection_t *c, ngx_http_v3_parse_literal_t *st,
}
if (st->huffman) {
+ if (n > NGX_MAX_INT_T_VALUE / 8) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent too large field line");
+ return NGX_HTTP_V3_ERR_EXCESSIVE_LOAD;
+ }
+
n = n * 8 / 5;
st->huffstate = 0;
}
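Review bot: The bound `NGX_MAX_INT_T_VALUE / 8` is not explained where it is used, so a later edit to `n = n * 8 / 5;` could silently invalidate the guard. A comment directly above the check would tie the two together, for example `/* n * 8 below must not overflow; Huffman decoding expands by at most 8/5 (shortest code is 5 bits) */`. The declaration of `n` and the allocation sized from it are outside this hunk, so it is worth confirming that the type of `n` matches a limit expressed in terms of `ngx_int_t` and that the later `n + 1` style arithmetic, if any, stays within the same bound.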
diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
index e41ad50a8..32b11b598 100644
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -1003,6 +1003,7 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
{
ssize_t n;
ngx_buf_t *b;
+ ngx_str_t host;
ngx_connection_t *c;
ngx_http_v3_session_t *h3c;
ngx_http_v3_srv_conf_t *h3scf;
@@ -1034,11 +1035,13 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
goto failed;
}
- if (r->headers_in.host) {
- if (r->headers_in.host->value.len != r->headers_in.server.len
- || ngx_memcmp(r->headers_in.host->value.data,
- r->headers_in.server.data,
- r->headers_in.server.len)
+ if (r->headers_in.host && r->host_end) {
+
+ host.len = r->host_end - r->host_start;
+ host.data = r->host_start;
+
+ if (r->headers_in.host->value.len != host.len
+ || ngx_memcmp(r->headers_in.host->value.data, host.data, host.len)
!= 0)
{
ngx_log_error(NGX_LOG_INFO, c->log, 0,
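Review bot: The new guard tests only `r->host_end`, so whenever it is NULL the Host comparison is skipped entirely, while `r->host_start` is used without a check of its own. Both fields are assigned outside this hunk; it is worth confirming they are always set together, and that `host_end` is left NULL only when the request carried no `:authority`, since otherwise a mismatching Host header would pass unchecked. The comparison is now a byte-exact `ngx_memcmp` against the raw span, so values differing only in case are presumably rejected as a mismatch; a comment such as `/* host_start..host_end is the raw :authority value; Host must match it byte-for-byte */` would record that this is intended. The function body continues past the end of the hunk.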