[api] Add header value restriction for via configuration field (#15573)

Adds an HTTP header value restriction to avoid \r\0\n characters in via configuration in the HCM. Risk Level: Low, already crashes on ASSERT Testing: Added corpus entry Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30089 Signed-off-by: Asra Ali <[email protected]>
envoyproxy · Mar 21, 2021 · a240824 · a240824
1 parent dff506f
commit a240824
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 4 deletions.
diff --git a/...envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/...envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -483,7 +483,7 @@ message HttpConnectionManager {
 
   // Via header value to append to request and response headers. If this is
   // empty, no via header will be appended.
-  string via = 22;
+  string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
   // Whether the connection manager will generate the :ref:`x-request-id
   // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to

diff --git a/.../extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/.../extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
diff --git a/...envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/...envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
diff --git a/.../extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/.../extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
diff --git a/...ilter_corpus/clusterfuzz-testcase-minimized-network_readfilter_fuzz_test-5997415572963328 b/...ilter_corpus/clusterfuzz-testcase-minimized-network_readfilter_fuzz_test-5997415572963328