Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: 2.2.3.Final
Component/s: Core
Labels:
None

Steps to Reproduce:

Hide

Any undertow instance using HTTP/2 - connect to it using a browser and request e.g. https://some.server.name/?test=^

Show
Any undertow instance using HTTP/2 - connect to it using a browser and request e.g. https://some.server.name/?test= ^
Release Note Text:
Undefined

Description

When using the character ^ as part of a query string (or path) the request is rejected with a protocol errors.

This seems to be HttpRequestParser.isTargetCharacterAllowed(char c) that uses the following table:

        for(int i = 0; i < 256; ++i) {
            if(i < 32 || i > 126) {
                ALLOWED_TARGET_CHARACTER[i] = false;
            } else {
                switch ((char)i) {
                    case '\"':
                    case '#':
                    case '<':
                    case '>':
                    case '\\':
                    case '^':
                    case '`':
                    case '{':
                    case '|':
                    case '}':
                        ALLOWED_TARGET_CHARACTER[i] = false;
                        break;
                    default:
                        ALLOWED_TARGET_CHARACTER[i] = true;
                }
            }
        }

The problem is that some older applications uses the ^ character as part of the query string and this works perfectly will with HTTP1.1 in Undertow, but not with HTTP/2 enabled.

I can understand that some of this was implemented to as a quick fix to guard against request smuggling but perhaps the check should not be this strict on the ":path" header ?

Attachments

Activity

People

Assignee:: Bartosz Baranowski

Reporter:: Kim Rasmussen (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/04/06 9:33 AM

Updated:: 2021/10/24 5:58 AM

Resolved:: 2021/04/13 5:21 AM