# HG changeset patch # User Ruslan Ermilov # Date 1528361230 -10800 # Node ID d588987701f409d86eb7913311ee1481b5efbd87 # Parent f9661f56c717efea40ce2b894ad7a75dbeb708fe HTTP/2: validate client request scheme. The scheme is validated as per RFC 3986, Section 3.1. diff -r f9661f56c717 -r d588987701f4 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Thu May 24 12:06:35 2018 +0300 +++ b/src/http/v2/ngx_http_v2.c Thu Jun 07 11:47:10 2018 +0300 @@ -3474,6 +3474,9 @@ static ngx_int_t ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value) { + u_char c, ch; + ngx_uint_t i; + if (r->schema_start) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent duplicate :scheme header"); @@ -3488,6 +3491,26 @@ return NGX_DECLINED; } + for (i = 0; i < value->len; i++) { + ch = value->data[i]; + + c = (u_char) (ch | 0x20); + if (c >= 'a' && c <= 'z') { + continue; + } + + if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.') + && i > 0) + { + continue; + } + + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent invalid :scheme header: \"%V\"", value); + + return NGX_DECLINED; + } + r->schema_start = value->data; r->schema_end = value->data + value->len;
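Review bot: in the second hunk (the `for` loop added after `return NGX_DECLINED; }`), a zero-length `:scheme` value passes validation, because with `value->len == 0` the loop body never executes and control falls through to `r->schema_start = value->data;`. The two context lines above the loop suggest an earlier check, but unless that check is a `value->len == 0` test, add one before the `for` so an empty scheme is declined the same way as an invalid one. The character classes themselves match RFC 3986, Section 3.1 (`scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`): `c = (u_char) (ch | 0x20)` folds `A`-`Z` to `a`-`z` and cannot map any non-letter octet into that range, and the `&& i > 0` guard correctly restricts digits, `+`, `-` and `.` to non-initial positions. Minor: a one-line comment quoting that grammar above the loop would make the `i > 0` condition self-explanatory to the next reader.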