mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-03 04:07:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

http3: reject responses that don't set the :status header (#3975)

Browse source
This commit is contained in:
Marten Seemann 2023-07-18 22:26:46 -07:00 committed by GitHub
parent 5d59c3059f
commit b6dbfc8c06
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
http3/headers.go
View file

@ -177,6 +177,9 @@ func responseFromHeaders(headerFields []qpack.HeaderField) (*http.Response, erro
if err != nil {
return nil, err
}
if hdr.Status == "" {
return nil, errors.New("missing status field")
}
rsp := &http.Response{
Proto: "HTTP/3.0",
ProtoMajor: 3,

8
http3/headers_test.go
View file

@ -317,6 +317,14 @@ var _ = Describe("Response", func() {
Expect(err).To(MatchError("received pseudo header :status after a regular header field"))
})
It("rejects response with no status field", func() {
headers := []qpack.HeaderField{
{Name: "content-length", Value: "42"},
}
_, err := responseFromHeaders(headers)
Expect(err).To(MatchError("missing status field"))
})
It("rejects invalid status codes", func() {
headers := []qpack.HeaderField{
{Name: ":status", Value: "foobar"},