File curl-http-lowercase-headernames-for-HTTP-2-and-HTTP-3.patch of Package curl.33127

From 0023fce38d3bd6ee0e9b6ff8708fee1195057846 Mon Sep 17 00:00:00 2001
From: Barry Pollard <barry_pollard@hotmail.com>
Date: Sun, 22 Sep 2019 21:17:12 +0100
Subject: [PATCH] http: lowercase headernames for HTTP/2 and HTTP/3

Closes #4401
Fixes #4400
---
 lib/http2.c        |  4 ++-
 lib/strcase.c      | 84 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/strcase.h      |  2 ++
 lib/vquic/ngtcp2.c |  4 ++-
 lib/vquic/quiche.c |  4 ++-
 5 files changed, 95 insertions(+), 3 deletions(-)

Index: curl-7.66.0/lib/http2.c
===================================================================
--- curl-7.66.0.orig/lib/http2.c
+++ curl-7.66.0/lib/http2.c
@@ -2024,8 +2024,10 @@ static ssize_t http2_send(struct connect
       nva[i].namelen = strlen((char *)nva[i].name);
     }
     else {
-      nva[i].name = (unsigned char *)hdbuf;
       nva[i].namelen = (size_t)(end - hdbuf);
+      /* Lower case the header name for HTTP/2 */
+      Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen);
+      nva[i].name = (unsigned char *)hdbuf;
     }
     hdbuf = end + 1;
     while(*hdbuf == ' ' || *hdbuf == '\t')
Index: curl-7.66.0/lib/strcase.c
===================================================================
--- curl-7.66.0.orig/lib/strcase.c
+++ curl-7.66.0/lib/strcase.c
@@ -93,6 +93,75 @@ char Curl_raw_toupper(char in)
   return in;
 }
 
+
+/* Portable, consistent tolower (remember EBCDIC). Do not use tolower() because
+   its behavior is altered by the current locale. */
+char Curl_raw_tolower(char in)
+{
+#if !defined(CURL_DOES_CONVERSIONS)
+  if(in >= 'A' && in <= 'Z')
+    return (char)('a' + in - 'A');
+#else
+  switch(in) {
+  case 'A':
+    return 'a';
+  case 'B':
+    return 'b';
+  case 'C':
+    return 'c';
+  case 'D':
+    return 'd';
+  case 'E':
+    return 'e';
+  case 'F':
+    return 'f';
+  case 'G':
+    return 'g';
+  case 'H':
+    return 'h';
+  case 'I':
+    return 'i';
+  case 'J':
+    return 'j';
+  case 'K':
+    return 'k';
+  case 'L':
+    return 'l';
+  case 'M':
+    return 'm';
+  case 'N':
+    return 'n';
+  case 'O':
+    return 'o';
+  case 'P':
+    return 'p';
+  case 'Q':
+    return 'q';
+  case 'R':
+    return 'r';
+  case 'S':
+    return 's';
+  case 'T':
+    return 't';
+  case 'U':
+    return 'u';
+  case 'V':
+    return 'v';
+  case 'W':
+    return 'w';
+  case 'X':
+    return 'X';
+  case 'Y':
+    return 'y';
+  case 'Z':
+    return 'z';
+  }
+#endif
+
+  return in;
+}
+
+
 /*
  * Curl_strcasecompare() is for doing "raw" case insensitive strings. This is
  * meant to be locale independent and only compare strings we know are safe
@@ -197,6 +266,21 @@ int Curl_timestrcmp(const char *a, const
   return match;
 }
 
+/* Copy a lower case version of the string from src to dest.  The
+ * strings may overlap.  No more than n characters of the string are copied
+ * (including any NUL) and the destination string will NOT be
+ * NUL-terminated if that limit is reached.
+ */
+void Curl_strntolower(char *dest, const char *src, size_t n)
+{
+  if(n < 1)
+    return;
+
+  do {
+    *dest++ = Curl_raw_tolower(*src);
+  } while(*src++ && --n);
+}
+
 /* --- public functions --- */
 
 int curl_strequal(const char *first, const char *second)
Index: curl-7.66.0/lib/strcase.h
===================================================================
--- curl-7.66.0.orig/lib/strcase.h
+++ curl-7.66.0/lib/strcase.h
@@ -40,12 +40,14 @@ int Curl_safe_strcasecompare(const char
 int Curl_strncasecompare(const char *first, const char *second, size_t max);
 
 char Curl_raw_toupper(char in);
+char Curl_raw_tolower(char in);
 
 /* checkprefix() is a shorter version of the above, used when the first
    argument is zero-byte terminated */
 #define checkprefix(a,b)    curl_strnequal(a,b,strlen(a))
 
 void Curl_strntoupper(char *dest, const char *src, size_t n);
+void Curl_strntolower(char *dest, const char *src, size_t n);
 
 bool Curl_safecmp(char *a, char *b);
 int Curl_timestrcmp(const char *first, const char *second);
Index: curl-7.66.0/lib/vquic/ngtcp2.c
===================================================================
--- curl-7.66.0.orig/lib/vquic/ngtcp2.c
+++ curl-7.66.0/lib/vquic/ngtcp2.c
@@ -1202,8 +1202,10 @@ static CURLcode http_request(struct conn
       nva[i].namelen = strlen((char *)nva[i].name);
     }
     else {
-      nva[i].name = (unsigned char *)hdbuf;
       nva[i].namelen = (size_t)(end - hdbuf);
+      /* Lower case the header name for HTTP/3 */
+      Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen);
+      nva[i].name = (unsigned char *)hdbuf;
     }
     nva[i].flags = NGHTTP3_NV_FLAG_NONE;
     hdbuf = end + 1;
Index: curl-7.66.0/lib/vquic/quiche.c
===================================================================
--- curl-7.66.0.orig/lib/vquic/quiche.c
+++ curl-7.66.0/lib/vquic/quiche.c
@@ -646,8 +646,10 @@ static CURLcode http_request(struct conn
       nva[i].name_len = strlen((char *)nva[i].name);
     }
     else {
-      nva[i].name = (unsigned char *)hdbuf;
       nva[i].name_len = (size_t)(end - hdbuf);
+      /* Lower case the header name for HTTP/3 */
+      Curl_strntolower((char *)hdbuf, hdbuf, nva[i].name_len);
+      nva[i].name = (unsigned char *)hdbuf;
     }
     hdbuf = end + 1;
     while(*hdbuf == ' ' || *hdbuf == '\t')