Ensure authority and/or host fields are not empty

We could have an authority or host that consists of an empty string
hyperium · Mar 20, 2024 · e3ccb20 · e3ccb20
1 parent c3d554a
commit e3ccb20
Showing 1 changed file with 38 additions and 1 deletion.
diff --git a/h3/src/proto/headers.rs b/h3/src/proto/headers.rs
@@ -76,7 +76,6 @@ impl Header {
         //# Host header field.
 
         //= https://www.rfc-editor.org/rfc/rfc9114#section-4.3.1
-        //= type=TODO
         //# If these fields are present, they MUST NOT be
         //# empty.
 
@@ -87,6 +86,8 @@ impl Header {
         //# :authority pseudo-header or Host header fields.
         match (self.pseudo.authority, self.fields.get("host")) {
             (None, None) => return Err(HeaderError::MissingAuthority),
+            (Some(a), _) if a.as_str().is_empty() => return Err(HeaderError::InvalidHeaderValue("authority field is empty".into())),
+            (_, Some(h)) if h.is_empty() => return Err(HeaderError::InvalidHeaderValue("host field is empty".into())),
             (Some(a), None) => uri = uri.authority(a.as_str().as_bytes()),
             (None, Some(h)) => uri = uri.authority(h.as_bytes()),
             //= https://www.rfc-editor.org/rfc/rfc9114#section-4.3.1
@@ -498,6 +499,42 @@ mod tests {
         );
     }
 
+    #[test]
+    fn request_has_empty_authority() {
+        //= https://www.rfc-editor.org/rfc/rfc9114#section-4.3.1
+        //= type=test
+        //# If these fields are present, they MUST NOT be
+        //# empty.
+
+        let headers = Header::try_from(vec![
+            (b":method", Method::GET.as_str()).into(),
+            (b":authority", b"").into(),
+        ])
+        .unwrap();
+        assert_matches!(
+            headers.into_request_parts(),
+            Err(HeaderError::InvalidHeaderValue(_))
+        );
+    }
+
+    #[test]
+    fn request_has_empty_host() {
+        //= https://www.rfc-editor.org/rfc/rfc9114#section-4.3.1
+        //= type=test
+        //# If these fields are present, they MUST NOT be
+        //# empty.
+
+        let headers = Header::try_from(vec![
+            (b":method", Method::GET.as_str()).into(),
+            (b"host", b"").into(),
+        ])
+        .unwrap();
+        assert_matches!(
+            headers.into_request_parts(),
+            Err(HeaderError::InvalidHeaderValue(_))
+        );
+    }
+
     #[test]
     fn request_has_authority() {
         //= https://www.rfc-editor.org/rfc/rfc9114#section-4.3.1