From 6fb9bdad6a811f00388044a89d322fbdfd072606 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Tue, 10 Aug 2021 12:35:12 +0300
Subject: [PATCH] HTTP/3: disabled control characters and space in header
 names.

This is a follow up to 41f4bd4c51f1.
---
 src/http/v3/ngx_http_v3_request.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
index f45a7b95e..1fcbad1de 100644
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -428,7 +428,7 @@ ngx_http_v3_validate_header(ngx_http_request_t *r, ngx_str_t *name,
             continue;
         }
 
-        if (ch == '\0' || ch == LF || ch == CR || ch == ':'
+        if (ch <= 0x20 || ch == 0x7f || ch == ':'
             || (ch >= 'A' && ch <= 'Z'))
         {
             ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,