diff options
author | Barry Pollard <barry_pollard@hotmail.com> | 2019-09-22 21:17:12 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-09-23 22:33:31 +0200 |
commit | 0023fce38d3bd6ee0e9b6ff8708fee1195057846 (patch) | |
tree | 32947dcf8bf1767126f2dfbfffeb150752a1450b | |
parent | 527461285f54bca59356e2c550d55ed9606e96d1 (diff) |
http: lowercase headernames for HTTP/2 and HTTP/3
Closes #4401
Fixes #4400
-rw-r--r-- | lib/http2.c | 4 | ||||
-rw-r--r-- | lib/strcase.c | 84 | ||||
-rw-r--r-- | lib/strcase.h | 2 | ||||
-rw-r--r-- | lib/vquic/ngtcp2.c | 4 | ||||
-rw-r--r-- | lib/vquic/quiche.c | 4 |
5 files changed, 95 insertions, 3 deletions
diff --git a/lib/http2.c b/lib/http2.c index 47583265d..b33782cc3 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -2026,8 +2026,10 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex, nva[i].namelen = strlen((char *)nva[i].name); } else { - nva[i].name = (unsigned char *)hdbuf; nva[i].namelen = (size_t)(end - hdbuf); + /* Lower case the header name for HTTP/2 */ + Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); + nva[i].name = (unsigned char *)hdbuf; } hdbuf = end + 1; while(*hdbuf == ' ' || *hdbuf == '\t') diff --git a/lib/strcase.c b/lib/strcase.c index 24bcca932..098cec7a8 100644 --- a/lib/strcase.c +++ b/lib/strcase.c @@ -93,6 +93,75 @@ char Curl_raw_toupper(char in) return in; } + +/* Portable, consistent tolower (remember EBCDIC). Do not use tolower() because + its behavior is altered by the current locale. */ +char Curl_raw_tolower(char in) +{ +#if !defined(CURL_DOES_CONVERSIONS) + if(in >= 'A' && in <= 'Z') + return (char)('a' + in - 'A'); +#else + switch(in) { + case 'A': + return 'a'; + case 'B': + return 'b'; + case 'C': + return 'c'; + case 'D': + return 'd'; + case 'E': + return 'e'; + case 'F': + return 'f'; + case 'G': + return 'g'; + case 'H': + return 'h'; + case 'I': + return 'i'; + case 'J': + return 'j'; + case 'K': + return 'k'; + case 'L': + return 'l'; + case 'M': + return 'm'; + case 'N': + return 'n'; + case 'O': + return 'o'; + case 'P': + return 'p'; + case 'Q': + return 'q'; + case 'R': + return 'r'; + case 'S': + return 's'; + case 'T': + return 't'; + case 'U': + return 'u'; + case 'V': + return 'v'; + case 'W': + return 'w'; + case 'X': + return 'X'; + case 'Y': + return 'y'; + case 'Z': + return 'z'; + } +#endif + + return in; +} + + /* * Curl_strcasecompare() is for doing "raw" case insensitive strings. This is * meant to be locale independent and only compare strings we know are safe @@ -165,6 +234,21 @@ void Curl_strntoupper(char *dest, const char *src, size_t n) } while(*src++ && --n); } +/* Copy a lower case version of the string from src to dest. The + * strings may overlap. No more than n characters of the string are copied + * (including any NUL) and the destination string will NOT be + * NUL-terminated if that limit is reached. + */ +void Curl_strntolower(char *dest, const char *src, size_t n) +{ + if(n < 1) + return; + + do { + *dest++ = Curl_raw_tolower(*src); + } while(*src++ && --n); +} + /* --- public functions --- */ int curl_strequal(const char *first, const char *second) diff --git a/lib/strcase.h b/lib/strcase.h index 6fee3840e..2f07a74c9 100644 --- a/lib/strcase.h +++ b/lib/strcase.h @@ -40,11 +40,13 @@ int Curl_safe_strcasecompare(const char *first, const char *second); int Curl_strncasecompare(const char *first, const char *second, size_t max); char Curl_raw_toupper(char in); +char Curl_raw_tolower(char in); /* checkprefix() is a shorter version of the above, used when the first argument is zero-byte terminated */ #define checkprefix(a,b) curl_strnequal(a,b,strlen(a)) void Curl_strntoupper(char *dest, const char *src, size_t n); +void Curl_strntolower(char *dest, const char *src, size_t n); #endif /* HEADER_CURL_STRCASE_H */ diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c index 5fd07f7e8..cdba49b75 100644 --- a/lib/vquic/ngtcp2.c +++ b/lib/vquic/ngtcp2.c @@ -1201,8 +1201,10 @@ static CURLcode http_request(struct connectdata *conn, const void *mem, nva[i].namelen = strlen((char *)nva[i].name); } else { - nva[i].name = (unsigned char *)hdbuf; nva[i].namelen = (size_t)(end - hdbuf); + /* Lower case the header name for HTTP/3 */ + Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); + nva[i].name = (unsigned char *)hdbuf; } nva[i].flags = NGHTTP3_NV_FLAG_NONE; hdbuf = end + 1; diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c index 4d53d1535..b5548cc2f 100644 --- a/lib/vquic/quiche.c +++ b/lib/vquic/quiche.c @@ -646,8 +646,10 @@ static CURLcode http_request(struct connectdata *conn, const void *mem, nva[i].name_len = strlen((char *)nva[i].name); } else { - nva[i].name = (unsigned char *)hdbuf; nva[i].name_len = (size_t)(end - hdbuf); + /* Lower case the header name for HTTP/3 */ + Curl_strntolower((char *)hdbuf, hdbuf, nva[i].name_len); + nva[i].name = (unsigned char *)hdbuf; } hdbuf = end + 1; while(*hdbuf == ' ' || *hdbuf == '\t') |