File curl-http-lowercase-headernames-for-HTTP-2-and-HTTP-3.patch of Package curl-mini.31659
From 0023fce38d3bd6ee0e9b6ff8708fee1195057846 Mon Sep 17 00:00:00 2001
From: Barry Pollard <barry_pollard@hotmail.com>
Date: Sun, 22 Sep 2019 21:17:12 +0100
Subject: [PATCH] http: lowercase headernames for HTTP/2 and HTTP/3
Closes #4401
Fixes #4400
---
lib/http2.c | 4 ++-
lib/strcase.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++
lib/strcase.h | 2 ++
lib/vquic/ngtcp2.c | 4 ++-
lib/vquic/quiche.c | 4 ++-
5 files changed, 95 insertions(+), 3 deletions(-)
Index: curl-7.66.0/lib/http2.c
===================================================================
--- curl-7.66.0.orig/lib/http2.c
+++ curl-7.66.0/lib/http2.c
@@ -2024,8 +2024,10 @@ static ssize_t http2_send(struct connect
nva[i].namelen = strlen((char *)nva[i].name);
}
else {
- nva[i].name = (unsigned char *)hdbuf;
nva[i].namelen = (size_t)(end - hdbuf);
+ /* Lower case the header name for HTTP/2 */
+ Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen);
+ nva[i].name = (unsigned char *)hdbuf;
}
hdbuf = end + 1;
while(*hdbuf == ' ' || *hdbuf == '\t')
Index: curl-7.66.0/lib/strcase.c
===================================================================
--- curl-7.66.0.orig/lib/strcase.c
+++ curl-7.66.0/lib/strcase.c
@@ -93,6 +93,75 @@ char Curl_raw_toupper(char in)
return in;
}
+
+/* Portable, consistent tolower (remember EBCDIC). Do not use tolower() because
+ its behavior is altered by the current locale. */
+char Curl_raw_tolower(char in)
+{
+#if !defined(CURL_DOES_CONVERSIONS)
+ if(in >= 'A' && in <= 'Z')
+ return (char)('a' + in - 'A');
+#else
+ switch(in) {
+ case 'A':
+ return 'a';
+ case 'B':
+ return 'b';
+ case 'C':
+ return 'c';
+ case 'D':
+ return 'd';
+ case 'E':
+ return 'e';
+ case 'F':
+ return 'f';
+ case 'G':
+ return 'g';
+ case 'H':
+ return 'h';
+ case 'I':
+ return 'i';
+ case 'J':
+ return 'j';
+ case 'K':
+ return 'k';
+ case 'L':
+ return 'l';
+ case 'M':
+ return 'm';
+ case 'N':
+ return 'n';
+ case 'O':
+ return 'o';
+ case 'P':
+ return 'p';
+ case 'Q':
+ return 'q';
+ case 'R':
+ return 'r';
+ case 'S':
+ return 's';
+ case 'T':
+ return 't';
+ case 'U':
+ return 'u';
+ case 'V':
+ return 'v';
+ case 'W':
+ return 'w';
+ case 'X':
+ return 'X';
+ case 'Y':
+ return 'y';
+ case 'Z':
+ return 'z';
+ }
+#endif
+
+ return in;
+}
+
+
/*
* Curl_strcasecompare() is for doing "raw" case insensitive strings. This is
* meant to be locale independent and only compare strings we know are safe
@@ -197,6 +266,21 @@ int Curl_timestrcmp(const char *a, const
return match;
}
+/* Copy a lower case version of the string from src to dest. The
+ * strings may overlap. No more than n characters of the string are copied
+ * (including any NUL) and the destination string will NOT be
+ * NUL-terminated if that limit is reached.
+ */
+void Curl_strntolower(char *dest, const char *src, size_t n)
+{
+ if(n < 1)
+ return;
+
+ do {
+ *dest++ = Curl_raw_tolower(*src);
+ } while(*src++ && --n);
+}
+
/* --- public functions --- */
int curl_strequal(const char *first, const char *second)
Index: curl-7.66.0/lib/strcase.h
===================================================================
--- curl-7.66.0.orig/lib/strcase.h
+++ curl-7.66.0/lib/strcase.h
@@ -40,12 +40,14 @@ int Curl_safe_strcasecompare(const char
int Curl_strncasecompare(const char *first, const char *second, size_t max);
char Curl_raw_toupper(char in);
+char Curl_raw_tolower(char in);
/* checkprefix() is a shorter version of the above, used when the first
argument is zero-byte terminated */
#define checkprefix(a,b) curl_strnequal(a,b,strlen(a))
void Curl_strntoupper(char *dest, const char *src, size_t n);
+void Curl_strntolower(char *dest, const char *src, size_t n);
bool Curl_safecmp(char *a, char *b);
int Curl_timestrcmp(const char *first, const char *second);
Index: curl-7.66.0/lib/vquic/ngtcp2.c
===================================================================
--- curl-7.66.0.orig/lib/vquic/ngtcp2.c
+++ curl-7.66.0/lib/vquic/ngtcp2.c
@@ -1202,8 +1202,10 @@ static CURLcode http_request(struct conn
nva[i].namelen = strlen((char *)nva[i].name);
}
else {
- nva[i].name = (unsigned char *)hdbuf;
nva[i].namelen = (size_t)(end - hdbuf);
+ /* Lower case the header name for HTTP/3 */
+ Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen);
+ nva[i].name = (unsigned char *)hdbuf;
}
nva[i].flags = NGHTTP3_NV_FLAG_NONE;
hdbuf = end + 1;
Index: curl-7.66.0/lib/vquic/quiche.c
===================================================================
--- curl-7.66.0.orig/lib/vquic/quiche.c
+++ curl-7.66.0/lib/vquic/quiche.c
@@ -646,8 +646,10 @@ static CURLcode http_request(struct conn
nva[i].name_len = strlen((char *)nva[i].name);
}
else {
- nva[i].name = (unsigned char *)hdbuf;
nva[i].name_len = (size_t)(end - hdbuf);
+ /* Lower case the header name for HTTP/3 */
+ Curl_strntolower((char *)hdbuf, hdbuf, nva[i].name_len);
+ nva[i].name = (unsigned char *)hdbuf;
}
hdbuf = end + 1;
while(*hdbuf == ' ' || *hdbuf == '\t')