diff --git a/src/core/lib/security/transport/client_auth_filter.c b/src/core/lib/security/transport/client_auth_filter.c index 80fdbe68eb3..d8540b96253 100644 --- a/src/core/lib/security/transport/client_auth_filter.c +++ b/src/core/lib/security/transport/client_auth_filter.c @@ -133,12 +133,24 @@ static void on_credentials_metadata(grpc_exec_ctx *exec_ctx, void *user_data, mdb = op->send_initial_metadata; grpc_error *error = GRPC_ERROR_NONE; for (i = 0; i < num_md; i++) { - add_error(&error, - grpc_metadata_batch_add_tail( - mdb, &calld->md_links[i], - grpc_mdelem_from_slices( - exec_ctx, grpc_slice_ref_internal(md_elems[i].key), - grpc_slice_ref_internal(md_elems[i].value)))); + if (!grpc_header_key_is_legal(md_elems[i].key)) { + char *str = grpc_dump_slice(md_elems[i].key, GPR_DUMP_ASCII); + gpr_log(GPR_ERROR, "attempt to send invalid metadata key: %s", str); + gpr_free(str); + } else if (!grpc_is_binary_header(md_elems[i].key) && + !grpc_header_nonbin_value_is_legal(md_elems[i].value)) { + char *str = + grpc_dump_slice(md_elems[i].value, GPR_DUMP_HEX | GPR_DUMP_ASCII); + gpr_log(GPR_ERROR, "attempt to send invalid metadata value: %s", str); + gpr_free(str); + } else { + add_error(&error, + grpc_metadata_batch_add_tail( + mdb, &calld->md_links[i], + grpc_mdelem_from_slices( + exec_ctx, grpc_slice_ref_internal(md_elems[i].key), + grpc_slice_ref_internal(md_elems[i].value)))); + } } if (error == GRPC_ERROR_NONE) { grpc_call_next_op(exec_ctx, elem, op); diff --git a/src/core/lib/security/transport/server_auth_filter.c b/src/core/lib/security/transport/server_auth_filter.c index 34f5bbf8f47..4433704cb97 100644 --- a/src/core/lib/security/transport/server_auth_filter.c +++ b/src/core/lib/security/transport/server_auth_filter.c @@ -127,6 +127,10 @@ static void on_md_processing_done( grpc_metadata_batch_filter(&exec_ctx, calld->recv_initial_metadata, remove_consumed_md, elem, "Response metadata filtering error")); + for (size_t i = 0; i < calld->md.count; i++) { + grpc_slice_unref_internal(&exec_ctx, calld->md.metadata[i].key); + grpc_slice_unref_internal(&exec_ctx, calld->md.metadata[i].value); + } grpc_metadata_array_destroy(&calld->md); grpc_exec_ctx_sched(&exec_ctx, calld->on_done_recv, GRPC_ERROR_NONE, NULL); } else { diff --git a/test/core/end2end/fixtures/h2_oauth2.c b/test/core/end2end/fixtures/h2_oauth2.c index 28011be7872..33516528586 100644 --- a/test/core/end2end/fixtures/h2_oauth2.c +++ b/test/core/end2end/fixtures/h2_oauth2.c @@ -74,7 +74,7 @@ static void process_oauth2_success(void *state, grpc_auth_context *ctx, grpc_process_auth_metadata_done_cb cb, void *user_data) { const grpc_metadata *oauth2 = - find_metadata(md, md_count, "Authorization", oauth2_md); + find_metadata(md, md_count, "authorization", oauth2_md); test_processor_state *s; GPR_ASSERT(state != NULL); @@ -93,7 +93,7 @@ static void process_oauth2_failure(void *state, grpc_auth_context *ctx, grpc_process_auth_metadata_done_cb cb, void *user_data) { const grpc_metadata *oauth2 = - find_metadata(md, md_count, "Authorization", oauth2_md); + find_metadata(md, md_count, "authorization", oauth2_md); test_processor_state *s; GPR_ASSERT(state != NULL); s = (test_processor_state *)state; @@ -154,7 +154,7 @@ static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( grpc_channel_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL, NULL); grpc_call_credentials *oauth2_creds = - grpc_md_only_test_credentials_create("Authorization", oauth2_md, 1); + grpc_md_only_test_credentials_create("authorization", oauth2_md, 1); grpc_channel_credentials *ssl_oauth2_creds = grpc_composite_channel_credentials_create(ssl_creds, oauth2_creds, NULL); grpc_arg ssl_name_override = {GRPC_ARG_STRING,