forked from quic-go/quic-go
http3: reject responses that don't set the :status header (#3975)
This commit is contained in:
Marten Seemann
@@ -177,6 +177,9 @@ func responseFromHeaders(headerFields []qpack.HeaderField) (*http.Response, erro
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
if hdr.Status == "" {
|
||||||
|
return nil, errors.New("missing status field")
|
||||||
|
}
|
||||||
rsp := &http.Response{
|
rsp := &http.Response{
|
||||||
Proto: "HTTP/3.0",
|
Proto: "HTTP/3.0",
|
||||||
ProtoMajor: 3,
|
ProtoMajor: 3,
|
||||||
|
|||||||
@@ -317,6 +317,14 @@ var _ = Describe("Response", func() {
|
|||||||
Expect(err).To(MatchError("received pseudo header :status after a regular header field"))
|
Expect(err).To(MatchError("received pseudo header :status after a regular header field"))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("rejects response with no status field", func() {
|
||||||
|
headers := []qpack.HeaderField{
|
||||||
|
{Name: "content-length", Value: "42"},
|
||||||
|
}
|
||||||
|
_, err := responseFromHeaders(headers)
|
||||||
|
Expect(err).To(MatchError("missing status field"))
|
||||||
|
})
|
||||||
|
|
||||||
It("rejects invalid status codes", func() {
|
It("rejects invalid status codes", func() {
|
||||||
headers := []qpack.HeaderField{
|
headers := []qpack.HeaderField{
|
||||||
{Name: ":status", Value: "foobar"},
|
{Name: ":status", Value: "foobar"},
|
||||||
|
|||||||
Reference in New Issue
Block a user