NGINX accepts (and does not strip) leading and trailing whitespace in HTTP/2 and HTTP/3 field values · Issue #598 · nginx/nginx · GitHub

NGINX accepts (and does not strip) leading and trailing whitespace in HTTP/2 and HTTP/3 field values #598
Open
@DemiMarie

Environment

N/A

Description

In HTTP/2 and HTTP/3, NGINX accepts field (header and trailer) values with leading and/or trailing space and/or tab characters. This is forbidden by RFC9113 and RFC9114: NGINX must either reject the entire message or strip leading and trailing whitespace before doing any further processing.

This can be observed by sending an HTTP/2 or HTTP/3 request with a header value containing leading or trailing spaces to an NGINX instance that reverse-proxies to another instance of NGINX, and finding that the two disagree on the exact value of the header.

The easiest fix is to unconditionally reject such requests or responses. I am not sure if this is too risky from a compatibility perspective.

nginx configuration

N/A — this was found by source review and confirmed to be a bug.

nginx debug log

N/A
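
The two behaviours the issue names (reject the whole message, or strip before any further processing), sketched as an added example; this is not nginx code and not from the issue author. The names `fv_check` and `fv_strip` and the sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; these are not nginx identifiers. */
enum fv_status { FV_OK = 0, FV_EDGE_WS = 1, FV_BAD_OCTET = 2 };

static int is_ws(unsigned char c) { return c == ' ' || c == '\t'; }

/* Policy 1 (reject): classify a decoded field value so the caller can
 * treat the whole message as malformed on any non-OK result. */
enum fv_status fv_check(const unsigned char *v, size_t len)
{
    size_t i;

    for (i = 0; i < len; i++) {
        /* RFC 9113 section 8.2.1: NUL, LF and CR are invalid at any position */
        if (v[i] == '\0' || v[i] == '\n' || v[i] == '\r') {
            return FV_BAD_OCTET;
        }
    }
    /* SP or HTAB as first or last octet; interior whitespace is fine */
    if (len > 0 && (is_ws(v[0]) || is_ws(v[len - 1]))) {
        return FV_EDGE_WS;
    }
    return FV_OK;
}

/* Policy 2 (strip): return the trimmed span inside v, without copying.
 * Must run before routing, logging or proxying so every hop sees one value. */
const unsigned char *fv_strip(const unsigned char *v, size_t len, size_t *out_len)
{
    while (len > 0 && is_ws(v[0])) { v++; len--; }
    while (len > 0 && is_ws(v[len - 1])) { len--; }
    *out_len = len;
    return v;
}

int main(void)
{
    /* Constructed sample field values */
    static const char *s[] = { "example.com", " example.com", "example.com\t", "a b", " \t " };
    size_t i, n;

    for (i = 0; i < sizeof(s) / sizeof(s[0]); i++) {
        const unsigned char *v = (const unsigned char *) s[i];
        const unsigned char *t = fv_strip(v, strlen(s[i]), &n);
        printf("status=%d stripped=\"%.*s\"\n", fv_check(v, strlen(s[i])), (int) n, (const char *) t);
    }
    return 0;
}
```

A value made up only of whitespace strips to the empty string, so a strip policy also has to decide how the empty value is handled downstream.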
