Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-26974

(8.0.z) UNDERTOW-2374 - At Http2ReceiveListener.checkRequestHeaders do not check path chars when unescaped characters are allowed

XMLWordPrintable

      At that method, there is a block that iterates through the path

      // verify content of request pseudo-headers. Each header should only have a single value.
      if (headers.contains(PATH)) {
          for (byte b: headers.get(PATH).getFirst().getBytes(ISO_8859_1)) {
              if (!allowUnescapedCharactersInUrl && !HttpRequestParser.isTargetCharacterAllowed((char)b)){
                  return false;
              }
          }
      } 

      Iterating is unnecessary when allowUnescapedCharactersInUrl is true.

              rhn-engineering-lgao Lin Gao
              rhn-engineering-lgao Lin Gao
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: