granicus.if.org Git - curl/commit

]> granicus.if.org Git - curl/commit

author	Daniel Stenberg <daniel@haxx.se>
	Mon, 18 Feb 2019 08:10:01 +0000 (09:10 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 20 Feb 2019 07:18:02 +0000 (08:18 +0100)
commit	aa5a28bd697d652f78ba471022092e148d0b6e4f
tree	ca8573ac9127aa9e193777cd6bb89bf34bd92e4c	tree \| snapshot
parent	afc00e047c773faeaa60a5f86a246cbbeeba5819	commit \| diff

http2: verify :athority in push promise requests

RFC 7540 says we should verify that the push is for an "authoritative"
server. We make sure of this by only allowing push with an :athority
header that matches the host that was asked for in the URL.

Fixes #3577
Reported-by: Nicolas Grekas
Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html
Closes #3581

lib/http2.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom