Closed
Description
In the line
```cpp
headers.setReferenceServer(connection_manager_.config_.serverName());
```
(the code is here: https://github.com/envoyproxy/envoy/blob/master/source/common/http/conn_manager_impl.cc#L1824)
It adds the serverName of the config to the headers. However, a header doesn't allow \0\r\n here:
```cpp
static inline bool validHeaderString(absl::string_view s) {
  // If you modify this list of illegal embedded characters you will probably
  // want to change header_map_fuzz_impl_test at the same time.
  for (const char c : s) {
    switch (c) {
    case '\0':
      FALLTHRU;
    case '\r':
      FALLTHRU;
    case '\n':
      return false;
    default:
      continue;
    }
  }
  return true;
}
```
We may consider adding a PGV constraint that the serverName field should not contain \0\r\n, or stripping them at configuration time.
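The two options raised in the issue (reject the value, or strip the bytes), sketched as a config-load check. This is an added example, not Envoy code: `ServerNameCheck`, `checkServerName` and `stripIllegalHeaderChars` are hypothetical names, the sample values are constructed, and `std::string` stands in for `absl::string_view`.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// The three bytes validHeaderString() in the issue treats as illegal.
static bool isIllegalHeaderChar(char c) { return c == '\0' || c == '\r' || c == '\n'; }

// Hypothetical result type for a config-load check (not an Envoy type).
struct ServerNameCheck {
  bool ok;
  std::size_t bad_offset; // Offset of the first illegal byte; name.size() when ok.
};

// Option 1 from the issue: reject the value when the configuration is loaded.
ServerNameCheck checkServerName(const std::string& name) {
  for (std::size_t i = 0; i < name.size(); ++i) {
    if (isIllegalHeaderChar(name[i])) {
      return {false, i};
    }
  }
  return {true, name.size()};
}

// Option 2 from the issue: strip the illegal bytes. This silently changes the
// configured value, so a rejection is easier for an operator to notice.
std::string stripIllegalHeaderChars(const std::string& name) {
  std::string out;
  out.reserve(name.size());
  for (const char c : name) {
    if (!isIllegalHeaderChar(c)) {
      out.push_back(c);
    }
  }
  return out;
}

int main() {
  // Constructed sample values; the second embeds a NUL, so its length is explicit.
  const std::string samples[] = {"envoy", std::string("en\0voy", 6), "envoy\r\nedge"};
  for (const std::string& s : samples) {
    const ServerNameCheck r = checkServerName(s);
    std::cout << (r.ok ? "accept" : "reject") << " bad_offset=" << r.bad_offset
              << " stripped=\"" << stripIllegalHeaderChars(s) << "\"\n";
  }
  return 0;
}
```

The embedded-NUL sample has to be built with an explicit length; a plain C-string literal would be truncated at the NUL and pass the check.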