diff options
-rw-r--r-- | src/cow_http2_machine.erl | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/cow_http2_machine.erl b/src/cow_http2_machine.erl index 41605ef..0779ffc 100644 --- a/src/cow_http2_machine.erl +++ b/src/cow_http2_machine.erl @@ -659,6 +659,8 @@ headers_regular_headers(Frame=#headers{id=StreamID}, stream_reset(StreamID, State, protocol_error, HumanReadable) end. +regular_headers([{<<>>, _}|_], _) -> + {error, 'Empty header names are not valid regular headers. (CVE-2019-9516)'}; regular_headers([{<<":", _/bits>>, _}|_], _) -> {error, 'Pseudo-headers were found after regular headers. (RFC7540 8.1.2.1)'}; regular_headers([{<<"connection">>, _}|_], _) -> |