envoyproxy/envoy

IPv6 Host format is not validated before it is propagated to :authority

Open

#22.859 aperta il 26 ago 2022

Vedi su GitHub
 (27 commenti) (0 reazioni) (2 assegnatari)C++ (5373 fork)batch import
area/httpbeginnerbughelp wantedno stalebot

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

Hello everyone. I have noticed that in IPv6, when Envoy translates a request to HTTP2 , Envoy does not seem to check and verify the host address format before propagating the value to the :authority pseudo-header. Host addresses like "2001:db8::2:1:443" (it does not adhere to the [ip]:port format) are applied as "they-are" in the :authority header. Keep in mind that RFC3986 states the following about host header:

A host identified by an Internet Protocol literal address, version 6 [RFC3513] or later, is distinguished by enclosing the IP literal within square brackets ("[" and "]").

Therefore I would expect that non-rfc3986-compliant headers would lead to an error and not be propagated to :authority as part of the conversion from http1 to http2. For your reference, RFC7230 mentioned host header handling in case of invalid values.

A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value.

Is the current behavior intentional or is there an actual issue? If needed I can provide some steps to reproduce the behavior by using Istio. I have verified the behavior on Envoy 1.22.2

Guida contributor