envoyproxy/envoy

IPv6 Host format is not validated before it is propagated to :authority

Open

#22,859 opened on Aug 26, 2022

View on GitHub
 (27 comments) (0 reactions) (2 assignees)C++ (5,373 forks)batch import
area/httpbeginnerbughelp wantedno stalebot

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (Avg merge 8d) (378 merged PRs in 30d)

Description

Hello everyone. I have noticed that in IPv6, when Envoy translates a request to HTTP2 , Envoy does not seem to check and verify the host address format before propagating the value to the :authority pseudo-header. Host addresses like "2001:db8::2:1:443" (it does not adhere to the [ip]:port format) are applied as "they-are" in the :authority header. Keep in mind that RFC3986 states the following about host header:

A host identified by an Internet Protocol literal address, version 6 [RFC3513] or later, is distinguished by enclosing the IP literal within square brackets ("[" and "]").

Therefore I would expect that non-rfc3986-compliant headers would lead to an error and not be propagated to :authority as part of the conversion from http1 to http2. For your reference, RFC7230 mentioned host header handling in case of invalid values.

A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value.

Is the current behavior intentional or is there an actual issue? If needed I can provide some steps to reproduce the behavior by using Istio. I have verified the behavior on Envoy 1.22.2

Contributor guide