reject connection-specific headers (#173)

- When receiving, return a PROTOCOL_ERROR. - When sending, return a user error about malformed headers. Closes #36
2017-11-14 11:16:29 -08:00
parent 05abb686cf
commit 79003d0d45
6 changed files with 114 additions and 2 deletions
--- a/src/codec/error.rs
+++ b/src/codec/error.rs
@@ -44,6 +44,9 @@ pub enum UserError {
    ///
    /// A new connection is needed.
    OverflowedStreamId,
+
+    /// Illegal headers, such as connection-specific headers.
+    MalformedHeaders,
 }

 // ===== impl RecvError =====
@@ -121,6 +124,7 @@ impl error::Error for UserError {
            Rejected => "rejected",
            ReleaseCapacityTooBig => "release capacity too big",
            OverflowedStreamId => "stream ID overflowed",
+            MalformedHeaders => "malformed headers",
        }
    }
 }
--- a/src/frame/headers.rs
+++ b/src/frame/headers.rs
@@ -635,7 +635,12 @@ impl HeaderBlock {
                    // Connection level header fields are not supported and must
                    // result in a protocol error.

-                    if name == header::CONNECTION {
+                    if name == header::CONNECTION
+                        || name == header::TRANSFER_ENCODING
+                        || name == header::UPGRADE
+                        || name == "keep-alive"
+                        || name == "proxy-connection"
+                    {
                        trace!("load_hpack; connection level header");
                        malformed = true;
                    } else if name == header::TE && value != "trailers" {
--- a/src/proto/streams/send.rs
+++ b/src/proto/streams/send.rs
@@ -1,3 +1,4 @@
+use http;
 use super::*;
 use codec::{RecvError, UserError};
 use codec::UserError::*;
@@ -56,6 +57,25 @@ impl Send {
            self.init_window_sz
        );

+        // 8.1.2.2. Connection-Specific Header Fields
+        if frame.fields().contains_key(http::header::CONNECTION)
+            || frame.fields().contains_key(http::header::TRANSFER_ENCODING)
+            || frame.fields().contains_key(http::header::UPGRADE)
+            || frame.fields().contains_key("keep-alive")
+            || frame.fields().contains_key("proxy-connection")
+        {
+            debug!("illegal connection-specific headers found");
+            return Err(UserError::MalformedHeaders);
+        } else if let Some(te) = frame.fields().get(http::header::TE) {
+            if te != "trailers" {
+                debug!("illegal connection-specific headers found");
+                return Err(UserError::MalformedHeaders);
+
+            }
+        }
+
+
+
        let end_stream = frame.is_end_stream();

        // Update the state