diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-11-11 09:56:23 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-11-12 09:44:24 +0100 |
| commit | b3eb7d172aab6c7f423aea2f97c27099d6b65f7a (patch) | |
| tree | 85ba74c547351b2626899ddd8b2acec0f6fbeb21 /lib | |
| parent | 8686aab69402ccad4bde0c2d73ec18e503ca11fd (diff) | |
| download | curl-b3eb7d172aab6c7f423aea2f97c27099d6b65f7a.tar.gz | |
quiche: reject headers in the wrong order
Pseudo header MUST come before regular headers or cause an error.
Reported-by: Cynthia Coan
Fixes #4571
Closes #4584
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/strerror.c | 4 | ||||
| -rw-r--r-- | lib/vquic/quiche.c | 7 |
2 files changed, 9 insertions, 2 deletions
diff --git a/lib/strerror.c b/lib/strerror.c index 7aaa9f4a7..90e8a3131 100644 --- a/lib/strerror.c +++ b/lib/strerror.c @@ -314,8 +314,10 @@ curl_easy_strerror(CURLcode error) case CURLE_AUTH_ERROR: return "An authentication function returned an error"; + case CURLE_HTTP3: + return "HTTP/3 error"; + /* error codes not used by current libcurl */ - case CURLE_OBSOLETE20: case CURLE_OBSOLETE24: case CURLE_OBSOLETE29: case CURLE_OBSOLETE32: diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c index 0ee360d07..6f9a72579 100644 --- a/lib/vquic/quiche.c +++ b/lib/vquic/quiche.c @@ -379,6 +379,9 @@ static int cb_each_header(uint8_t *name, size_t name_len, headers->destlen, "HTTP/3 %.*s\n", (int) value_len, value); } + else if(!headers->nlen) { + return CURLE_HTTP3; + } else { msnprintf(headers->dest, headers->destlen, "%.*s: %.*s\n", @@ -433,7 +436,9 @@ static ssize_t h3_stream_recv(struct connectdata *conn, case QUICHE_H3_EVENT_HEADERS: rc = quiche_h3_event_for_each_header(ev, cb_each_header, &headers); if(rc) { - /* what do we do about this? */ + *curlcode = rc; + failf(data, "Error in HTTP/3 response header"); + break; } recvd = headers.nlen; break; |