diff --git a/src/connection/http2.rs b/src/connection/http2.rs index dad1bcc..c46c049 100644 --- a/src/connection/http2.rs +++ b/src/connection/http2.rs @@ -660,7 +660,7 @@ pub async fn do_connection_loop( // RFC 9113 6.1: `If a DATA frame is received whose Stream // Identifier field is 0x00, the recipient MUST respond with a // connection error` - if frame.stream_identifier == 0 { + if frame.stream_identifier == 0 && frame.length > 0 { return Err(ConnectionError::DataOnStreamZero); } diff --git a/src/http2/frames/frame.rs b/src/http2/frames/frame.rs index 878c24f..e8dba1d 100644 --- a/src/http2/frames/frame.rs +++ b/src/http2/frames/frame.rs @@ -18,6 +18,8 @@ pub enum FrameError { WindowUpdateTooBig, #[error("Frame is too big ({actual} > {max_frame_size})")] FrameTooBig { actual: u32, max_frame_size: u32 }, + #[error("Header frame contains uppercase header")] + UppercaseHeader, // #[error("Continuation frame without header frame")] // ContinuationWithoutHeader, // #[error("Continuation frame but END_HEADERS set")] diff --git a/src/http2/frames/headers.rs b/src/http2/frames/headers.rs index 8457964..130fd3b 100644 --- a/src/http2/frames/headers.rs +++ b/src/http2/frames/headers.rs @@ -66,7 +66,16 @@ impl Headers { headers: hds .into_iter() .map(|(k, v)| (Bytes::from(k), Bytes::from(v))) - .collect(), + .map(|(k, v)| { + if k.iter() + .all(|c| c.is_ascii_uppercase() || c.is_ascii_punctuation()) + { + Err(FrameError::UppercaseHeader) + } else { + Ok((k, v)) + } + }) + .collect::, FrameError>>()?, end_stream: Self::is_end_stream(flags), }), Err(err) => {