[api] Add header value restriction for via configuration field (#15573)

Adds an HTTP header value restriction to avoid characters in via configuration in the HCM. Risk Level: Low, already crashes on ASSERT Testing: Added corpus entry Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30089 Signed-off-by: Asra Ali <asraa@google.com> Mirrored from https://github.com/envoyproxy/envoy @ a240824c376693b16ca8be51e435b95c42f3449f
4 years ago · 100976de0d
parent 9b1f3a1234
commit 100976de0d
2 changed files with 2 additions and 2 deletions
--- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@ -483,7 +483,7 @@ message HttpConnectionManager {

  // Via header value to append to request and response headers. If this is
  // empty, no via header will be appended.
-  string via = 22;
+  string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];

  // Whether the connection manager will generate the :ref:`x-request-id
  // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to
--- a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
@ -486,7 +486,7 @@ message HttpConnectionManager {

  // Via header value to append to request and response headers. If this is
  // empty, no via header will be appended.
-  string via = 22;
+  string via = 22 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];

  // Whether the connection manager will generate the :ref:`x-request-id
  // <config_http_conn_man_headers_x-request-id>` header if it does not exist. This defaults to