Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-26972

(7.4.z) UNDERTOW-2374 - At Http2ReceiveListener.checkRequestHeaders do not check path chars when unescaped characters are allowed

XMLWordPrintable

      At that method, there is a block that iterates through the path

      // verify content of request pseudo-headers. Each header should only have a single value.
      if (headers.contains(PATH)) {
          for (byte b: headers.get(PATH).getFirst().getBytes(ISO_8859_1)) {
              if (!allowUnescapedCharactersInUrl && !HttpRequestParser.isTargetCharacterAllowed((char)b)){
                  return false;
              }
          }
      } 

      Iterating is unnecessary when allowUnescapedCharactersInUrl is true.

            rhn-engineering-lgao Lin Gao
            rhn-engineering-lgao Lin Gao
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: