mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-20 19:27:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

HTTP/3: fixed handling :authority and Host with port.

Browse Source 
RFC 9114, Section 4.3.1. specifies a  restriciton for :authority and Host
coexistence in an HTTP/3 request:

: If both fields are present, they MUST contain the same value.

Currently this restriction is correctly enforced for portless values.
However when a port is specified, the request fails as if :authority and
Host are different.  Also, if no :authority is passed, but Host contains
a port, the request fails as well.

This happens because the value of r->headers_in.server used for :authority
has port stripped.  The fix is to use r->host_start / r->host_end instead.
This commit is contained in:
Roman Arutyunyan 2025-06-26 20:19:59 +04:00
parent d1843e1d9b
commit 7344f54d1d
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/http/v3/ngx_http_v3_request.c
View File

@ -1034,11 +1034,11 @@ ngx_http_v3_process_request_header(ngx_http_request_t *r)
goto failed; goto failed;
} }
if (r->headers_in.host) { if (r->headers_in.host && r->host_end) {
if (r->headers_in.host->value.len != r->headers_in.server.len if (r->headers_in.host->value.len !=
(size_t) (r->host_end - r->host_start)
|| ngx_memcmp(r->headers_in.host->value.data, || ngx_memcmp(r->headers_in.host->value.data,
r->headers_in.server.data, r->host_start, r->host_end - r->host_start)
r->headers_in.server.len)
!= 0) != 0)
{ {
ngx_log_error(NGX_LOG_INFO, c->log, 0, ngx_log_error(NGX_LOG_INFO, c->log, 0,