Traffic Server: TS-4019

Headers passed via HTTP/2 should be validated before passing to FetchSM

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.1.0
    • Component/s: HTTP/2
    • Labels: None

      Description

      HTTP/2 header fields that contain invalid characters must not be forwarded to an origin server over HTTP/1.1; a request carrying such a field must be treated as a protocol error.

      10.3. Intermediary Encapsulation Attacks

      The HTTP/2 header field encoding allows the expression of names that
      are not valid field names in the Internet Message Syntax used by
      HTTP/1.1. Requests or responses containing invalid header field
      names MUST be treated as malformed (Section 8.1.2.6). An
      intermediary therefore cannot translate an HTTP/2 request or response
      containing an invalid field name into an HTTP/1.1 message.

      Similarly, HTTP/2 allows header field values that are not valid.
      While most of the values that can be encoded will not alter header
      field parsing, carriage return (CR, ASCII 0xd), line feed (LF, ASCII
      0xa), and the zero character (NUL, ASCII 0x0) might be exploited by
      an attacker if they are translated verbatim. Any request or response
      that contains a character not permitted in a header field value MUST
      be treated as malformed (Section 8.1.2.6). Valid characters are
      defined by the "field-content" ABNF rule in Section 3.2 of [RFC7230].

      https://tools.ietf.org/html/rfc7540#section-10.3
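      The check the report asks for, as an added example (not Traffic Server code and not the fix that closed this issue): a field-name is accepted only if it is an RFC 7230 token, and a field-value only if every byte is a field-vchar (VCHAR or obs-text) or SP/HTAB, which rejects the CR, LF and NUL bytes section 10.3 singles out together with every other control character. The function and enum names (`valid_field_name`, `valid_field_value`, `check_headers`, `Verdict`) are assumptions made for this example; the sample header blocks in `main` are constructed.

```cpp
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Outcome of validating a decoded HTTP/2 header block before it is
// re-serialised as HTTP/1.1. These names are hypothetical, not Traffic Server's.
enum class Verdict { Ok, MalformedName, MalformedValue };

// RFC 7230 section 3.2.6 "tchar": the only characters a token, and therefore
// a field-name, may contain.
static bool is_tchar(unsigned char c) {
    if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
        return true;
    }
    switch (c) {
        case '!': case '#': case '$': case '%': case '&': case '\'': case '*':
        case '+': case '-': case '.': case '^': case '_': case '`': case '|': case '~':
            return true;
        default:
            return false;
    }
}

// field-name = token (non-empty). Anything else, including SP, CR, LF, NUL
// and ':', cannot be emitted as a well-formed HTTP/1.1 header line.
bool valid_field_name(const std::string &name) {
    if (name.empty()) return false;
    for (unsigned char c : name) {
        if (!is_tchar(c)) return false;
    }
    return true;
}

// field-value = *( field-content / obs-fold ), where
//   field-vchar = VCHAR / obs-text   (0x21-0x7E, 0x80-0xFF)
// with SP / HTAB permitted between field-vchars (and as OWS around the value).
// Every control character is rejected, which covers the CR, LF and NUL cases
// from RFC 7540 section 10.3; obs-fold (CRLF + WSP) is deliberately not
// accepted because an intermediary must not generate it.
bool valid_field_value(const std::string &value) {
    for (unsigned char c : value) {
        if (c == ' ' || c == '\t') continue;      // SP / HTAB
        if (c >= 0x21 && c <= 0x7E) continue;     // VCHAR
        if (c >= 0x80) continue;                  // obs-text
        return false;                             // CTL: CR, LF, NUL, DEL, ...
    }
    return true;
}

using HeaderList = std::vector<std::pair<std::string, std::string>>;

// Validate the whole header block. The first offending field decides the
// verdict; a caller that gets anything but Ok should treat the stream as
// malformed (RFC 7540 section 8.1.2.6) and never hand it to the HTTP/1.1 side.
Verdict check_headers(const HeaderList &headers) {
    for (const auto &h : headers) {
        if (!valid_field_name(h.first)) return Verdict::MalformedName;
        if (!valid_field_value(h.second)) return Verdict::MalformedValue;
    }
    return Verdict::Ok;
}

int main() {
    // Constructed sample header blocks, as an HPACK decoder would hand them over.
    const HeaderList clean = {{"host", "example.com"}, {"accept", "text/html"}};
    const HeaderList cr_lf = {{"host", "example.com"}, {"x-note", "a\r\nx-injected: 1"}};
    const HeaderList nul   = {{"x-bin", std::string("a\0b", 3)}};
    const HeaderList space = {{"bad name", "v"}};
    std::printf("clean: %d, crlf: %d, nul: %d, space-in-name: %d\n",
                static_cast<int>(check_headers(clean)),
                static_cast<int>(check_headers(cr_lf)),
                static_cast<int>(check_headers(nul)),
                static_cast<int>(check_headers(space)));
    return 0;
}
```

      Note that `std::string` is used throughout so an embedded NUL is carried as a real byte rather than terminating the value early, which is exactly the case a `char*`-based check would miss. RFC 7540 section 8.1.2 additionally requires HTTP/2 field names to be lowercase; that rule is separate from the character-validity rule shown here and is not checked by this example.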

      People

      • Assignee: bcall (Bryan Call)
      • Reporter: maskit (Masakazu Kitajo)
      • Votes: 0
      • Watchers: 4
