svn commit: r1788771 - in /tomcat/trunk/java/org/apache/coyote/http2: LocalStrings.properties Stream.java

Sun, 26 Mar 2017 12:31:50 -0700 

Author: markt
Date: Sun Mar 26 19:31:25 2017
New Revision: 1788771

URL: http://svn.apache.org/viewvc?rev=1788771&view=rev
Log:
Additional header validation
Found with the h2spec tool written by Moto Ishizawa.

Modified:
    tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
    tomcat/trunk/java/org/apache/coyote/http2/Stream.java

Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties?rev=1788771&r1=1788770&r2=1788771&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Sun Mar 
26 19:31:25 2017
@@ -74,10 +74,12 @@ pingManager.roundTripTime=Connection [{0
 
 stream.closed=Connection [{0}], Stream [{1}], Unable to write to stream once 
it has been closed
 stream.header.case=Connection [{0}], Stream [{1}], HTTP header name [{2}] must 
be in lower case
+stream.header.connection=Connection [{0}], Stream [{1}], HTTP header 
[connection] is not permitted in an HTTP/2 request
 stream.header.debug=Connection [{0}], Stream [{1}], HTTP header [{2}], Value 
[{3}]
 stream.header.duplicate=Connection [{0}], Stream [{1}], received multiple 
[{3}] headers
 stream.header.noPath=Connection [{0}], Stream [{1}], The [:path] pseudo header 
was empty
 stream.header.required=Connection [{0}], Stream [{1}], One or more required 
headers was missing
+stream.header.te=Connection [{0}], Stream [{1}], HTTP header [te] is not 
permitted tohave the value [{2}] in an HTTP/2 request
 stream.header.unexpectedPseudoHeader=Connection [{0}], Stream [{1}], Pseudo 
header [{2}] received after a regular header
 stream.header.unknownPseudoHeader=Connection [{0}], Stream [{1}], Unknown 
pseudo header [{2}] received
 stream.notWritable=Connection [{0}], Stream [{1}], This stream is not writable

Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1788771&r1=1788770&r2=1788771&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Sun Mar 26 19:31:25 
2017
@@ -233,6 +233,18 @@ class Stream extends AbstractStream impl
                     getConnectionId(), getIdentifier(), name));
         }
 
+        if ("connection".equals(name)) {
+            throw new HpackException(sm.getString("stream.header.connection",
+                    getConnectionId(), getIdentifier()));
+        }
+
+        if ("te".equals(name)) {
+            if (!"trailers".equals(value)) {
+                throw new HpackException(sm.getString("stream.header.te",
+                        getConnectionId(), getIdentifier(), value));
+            }
+        }
+
         if (headerStateErrorMsg != null) {
             // Don't bother processing the header since the stream is going to
             // be reset anyway



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to