BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid

a-denoyelle · capflam · commit 5ddc4004cb0c · 2024-07-03T08:45:10.000+02:00
Ensure pseudo-header scheme is only constitued of valid characters according to RFC 9110. If an invalid value is found, the request is rejected and stream is resetted. It's the same as for previous commit "BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid" except that this time it applies to the ":scheme" pseudo header. This must be backported up to 2.6. (cherry picked from commit a3bed52) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/h3.c b/src/h3.c
@@ -675,6 +675,15 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
 				len = -1;
 				goto out;
 			}
+
+			if (!http_validate_scheme(list[hdr_idx].v)) {
+				TRACE_ERROR("invalid scheme pseudo-header", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
+				h3s->err = H3_ERR_MESSAGE_ERROR;
+				qcc_report_glitch(h3c->qcc, 1);
+				len = -1;
+				goto out;
+			}
+
 			scheme = list[hdr_idx].v;
 		}
 		else if (isteq(list[hdr_idx].n, ist(":authority"))) {
