Enable header valication in HttpServerUpgradeHandler (#10643)
Motivation: HttpServerUpgradeHandler takes a list of protocols from an incoming request and uses them for building a response. Although the class does some validation while parsing the list, it then disables HTTP header validation when it builds a response. The disabled validation may potentially allow HTTP response splitting attacks. Modifications: - Enabled HTTP header validation in HttpServerUpgradeHandler as a defense-in-depth measure to prevent possible HTTP response splitting attacks. - Added a new constructor that allows disabling the validation. Result: HttpServerUpgradeHandler validates incoming protocols before including them into a response. That should prevent possible HTTP response splitting attacks.
This commit is contained in:
parent
30e9b6846d
commit
3e41a7f231
@ -169,6 +169,7 @@ public class HttpServerUpgradeHandler extends HttpObjectAggregator {
|
|||||||
|
|
||||||
private final SourceCodec sourceCodec;
|
private final SourceCodec sourceCodec;
|
||||||
private final UpgradeCodecFactory upgradeCodecFactory;
|
private final UpgradeCodecFactory upgradeCodecFactory;
|
||||||
|
private final boolean validateHeaders;
|
||||||
private boolean handlingUpgrade;
|
private boolean handlingUpgrade;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -199,10 +200,25 @@ public class HttpServerUpgradeHandler extends HttpObjectAggregator {
|
|||||||
*/
|
*/
|
||||||
public HttpServerUpgradeHandler(
|
public HttpServerUpgradeHandler(
|
||||||
SourceCodec sourceCodec, UpgradeCodecFactory upgradeCodecFactory, int maxContentLength) {
|
SourceCodec sourceCodec, UpgradeCodecFactory upgradeCodecFactory, int maxContentLength) {
|
||||||
|
this(sourceCodec, upgradeCodecFactory, maxContentLength, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructs the upgrader with the supported codecs.
|
||||||
|
*
|
||||||
|
* @param sourceCodec the codec that is being used initially
|
||||||
|
* @param upgradeCodecFactory the factory that creates a new upgrade codec
|
||||||
|
* for one of the requested upgrade protocols
|
||||||
|
* @param maxContentLength the maximum length of the content of an upgrade request
|
||||||
|
* @param validateHeaders validate the header names and values of the upgrade response.
|
||||||
|
*/
|
||||||
|
public HttpServerUpgradeHandler(SourceCodec sourceCodec, UpgradeCodecFactory upgradeCodecFactory,
|
||||||
|
int maxContentLength, boolean validateHeaders) {
|
||||||
super(maxContentLength);
|
super(maxContentLength);
|
||||||
|
|
||||||
this.sourceCodec = requireNonNull(sourceCodec, "sourceCodec");
|
this.sourceCodec = requireNonNull(sourceCodec, "sourceCodec");
|
||||||
this.upgradeCodecFactory = requireNonNull(upgradeCodecFactory, "upgradeCodecFactory");
|
this.upgradeCodecFactory = requireNonNull(upgradeCodecFactory, "upgradeCodecFactory");
|
||||||
|
this.validateHeaders = validateHeaders;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -349,9 +365,9 @@ public class HttpServerUpgradeHandler extends HttpObjectAggregator {
|
|||||||
/**
|
/**
|
||||||
* Creates the 101 Switching Protocols response message.
|
* Creates the 101 Switching Protocols response message.
|
||||||
*/
|
*/
|
||||||
private static FullHttpResponse createUpgradeResponse(CharSequence upgradeProtocol) {
|
private FullHttpResponse createUpgradeResponse(CharSequence upgradeProtocol) {
|
||||||
DefaultFullHttpResponse res = new DefaultFullHttpResponse(HTTP_1_1, SWITCHING_PROTOCOLS,
|
DefaultFullHttpResponse res = new DefaultFullHttpResponse(
|
||||||
Unpooled.EMPTY_BUFFER, false);
|
HTTP_1_1, SWITCHING_PROTOCOLS, Unpooled.EMPTY_BUFFER, validateHeaders);
|
||||||
res.headers().add(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE);
|
res.headers().add(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE);
|
||||||
res.headers().add(HttpHeaderNames.UPGRADE, upgradeProtocol);
|
res.headers().add(HttpHeaderNames.UPGRADE, upgradeProtocol);
|
||||||
return res;
|
return res;
|
||||||
|
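Review bot: With validation now on by default, `res.headers().add(HttpHeaderNames.UPGRADE, upgradeProtocol)` in createUpgradeResponse can presumably reject a protocol value containing illegal header characters by throwing, and nothing in this hunk catches it; the caller of createUpgradeResponse is outside the hunk, so confirm it treats that exception as a failed upgrade (no 101 sent) rather than letting it propagate through the pipeline as an unexpected error. Because the echoed value ultimately comes from the client's Upgrade request header (per the commit description), the new constructor's Javadoc in the second hunk should state what opting out costs, e.g. `* @param validateHeaders validate the header names and values of the upgrade response; passing {@code false} removes the defense-in-depth check against response splitting, since the echoed Upgrade value originates from the request`. The Javadoc of createUpgradeResponse could likewise mention that header validation follows the constructor's {@code validateHeaders} setting, so a reader does not assume the response is always validated.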