mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-30 18:16:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

HTTP/3: fixed handling of :authority and Host with port.
Some checks failed
buildbot / buildbot (push) Has been cancelled
Details

Browse Source 
RFC 9114, Section 4.3.1. specifies a restriction for :authority and Host
coexistence in an HTTP/3 request:

: If both fields are present, they MUST contain the same value.

Previously, this restriction was correctly enforced only for portless
values.  When Host contained a port, the request failed as if :authority
and Host were different, regardless of :authority presence.

This happens because the value of r->headers_in.server used for :authority
has port stripped.  The fix is to use r->host_start / r->host_end instead.
This commit is contained in:
Roman Arutyunyan 2025-06-26 20:19:59 +04:00 committed by Roman Arutyunyan
parent 3739fe94d1
commit 4da7711082
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/http/v3/ngx_http_v3_request.c
View File

@ -1003,6 +1003,7 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
{
ssize_t n;
ngx_buf_t *b;
ngx_str_t host;
ngx_connection_t *c;
ngx_http_v3_session_t *h3c;
ngx_http_v3_srv_conf_t *h3scf;
@ -1034,11 +1035,13 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
goto failed;
}
if (r->headers_in.host) {
if (r->headers_in.host->value.len != r->headers_in.server.len
|| ngx_memcmp(r->headers_in.host->value.data,
r->headers_in.server.data,
r->headers_in.server.len)
if (r->headers_in.host && r->host_end) {
host.len = r->host_end - r->host_start;
host.data = r->host_start;
if (r->headers_in.host->value.len != host.len
|| ngx_memcmp(r->headers_in.host->value.data, host.data, host.len)
!= 0)
{
ngx_log_error(NGX_LOG_INFO, c->log, 0,