Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LWS in H1 header values may be stripped out when proxying. #10270

Closed
antoniovicente opened this issue Mar 5, 2020 · 7 comments · Fixed by #10886
Closed

LWS in H1 header values may be stripped out when proxying. #10270

antoniovicente opened this issue Mar 5, 2020 · 7 comments · Fixed by #10886
Assignees
@antoniovicente
Labels
area/http bug help wanted Needs help!

Comments

@antoniovicente
Copy link
Contributor

The code to strip out whitespace at the beginning and end of H1 header values is a bit too aggressive. It strips out spaces at the beginning and end of each chunk provided by the H1 parser to ConnectionImpl::onHeaderValue. Those chunks roughly map to either buffer slices or readv boundaries.

Sample request that reproduces the issue:

GET / HTTP/1.1
host: foo.com
k: v <32kb of spaces> v

Proxied request:
GET / HTTP/1.1
host: foo.com
k: vv
@mattklein123
Copy link
Member

cc @alyssawilk

@alyssawilk
Copy link
Contributor

Now that http_parser is fixed, we should just bump that dependency and remove the in-process workaround. It'll fix this bug and be less fragile anyway.

@antoniovicente
Copy link
Contributor Author

Do you know what change to nodejs/http-parser addresses this whitespace issue? I see several CVE related fixes in the parser, but none stands out as a change related to handling of whitespace. I'm going to try moving forward and see if tests for the CVE issue fail when I undo the changes to the codec.

@alyssawilk
Copy link
Contributor

alyssawilk commented Mar 11, 2020 via email

@antoniovicente
Copy link
Contributor Author

I tried upgrading to http-parser 2.9.3 which is the latest release from Feb 6th, I see test failures if I remove the trim change in codec_impl

@antoniovicente
Copy link
Contributor Author

The fix I see for trimming whitespace from header is on nodejs/node which uses a different H1 parser.

nodejs/node@fe39757

@antoniovicente
Copy link
Contributor Author

I'm looking into this, feel free to assign to me for now.

@antoniovicente antoniovicente mentioned this issue Apr 21, 2020
Merged
@jeremybaumont jeremybaumont mentioned this issue Jul 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@antoniovicente antoniovicente

Labels
area/http bug help wanted Needs help!
Projects
None yet
Milestone
No milestone
3 participants
@mattklein123 @alyssawilk @antoniovicente