From 100976de0d2865ad82ca933fbd285c003578d87f Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
 <data-plane-api@users.noreply.github.com>
Date: Sun, 21 Mar 2021 18:23:03 +0000
Subject: [PATCH] [api] Add header value restriction for via configuration
 field (#15573)

Adds an HTTP header value restriction to avoid
 characters in via configuration in the HCM.

Risk Level: Low, already crashes on ASSERT
Testing: Added corpus entry
Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30089

Signed-off-by: Asra Ali <asraa@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ a240824c376693b16ca8be51e435b95c42f3449f
---
 .../http_connection_manager/v3/http_connection_manager.proto    | 2 +-
 .../v4alpha/http_connection_manager.proto                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 4129af0d..fc062b6d 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -483,7 +483,7 @@ message HttpConnectionManager {
 
   // Via header value to append to request and response headers. If this is
   // empty, no via header will be appended.
-  string via = 22;
+  string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
   // Whether the connection manager will generate the :ref:`x-request-id
   // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to
diff --git a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
index 46592804..0c6ee412 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
@@ -486,7 +486,7 @@ message HttpConnectionManager {
 
   // Via header value to append to request and response headers. If this is
   // empty, no via header will be appended.
-  string via = 22;
+  string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
   // Whether the connection manager will generate the :ref:`x-request-id
   // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to