http2: validate non-link headers in writeEarlyHints

Validate header names and values for non-link hints passed to
writeEarlyHints() in the HTTP/2 compat layer using assertValidHeader()
and checkIsHttpToken(), consistent with the HTTP/1.1 validation added
in #61897.

Previously, hints were forwarded into the headers object without any
validation, allowing invalid characters in header names/values to
surface as opaque errors deeper in the HTTP/2 stack.

Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: #62017
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

Author: mcollina

lib/internal/http2/compat.js

@@ -921,7 +921,11 @@ class Http2ServerResponse extends Stream {
 
     for (const key of ObjectKeys(hints)) {
       if (key !== 'link') {
-        headers[key] = hints[key];
+        const name = key.trim().toLowerCase();
+        assertValidHeader(name, hints[key]);
+        if (!checkIsHttpToken(name))
+          throw new ERR_INVALID_HTTP_TOKEN('Header name', name);
+        headers[name] = hints[key];
       }
     }
 

test/parallel/test-http2-compat-write-early-hints-invalid-header.js

@@ -0,0 +1,60 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+
+const assert = require('node:assert');
+const http2 = require('node:http2');
+const debug = require('node:util').debuglog('test');
+
+const testResBody = 'response content';
+
+{
+  const server = http2.createServer();
+
+  server.on('request', common.mustCall((req, res) => {
+    debug('Server sending early hints...');
+
+    assert.throws(() => {
+      res.writeEarlyHints({
+        'link': '</styles.css>; rel=preload; as=style',
+        'x\rbad': 'value',
+      });
+    }, (err) => err.code === 'ERR_INVALID_HTTP_TOKEN');
+
+    assert.throws(() => {
+      res.writeEarlyHints({
+        'link': '</styles.css>; rel=preload; as=style',
+        'x-custom': undefined,
+      });
+    }, (err) => err.code === 'ERR_HTTP2_INVALID_HEADER_VALUE');
+
+    debug('Server sending full response...');
+    res.end(testResBody);
+  }));
+
+  server.listen(0);
+
+  server.on('listening', common.mustCall(() => {
+    const client = http2.connect(`http://localhost:${server.address().port}`);
+    const req = client.request();
+
+    debug('Client sending request...');
+
+    req.on('headers', common.mustNotCall());
+
+    req.on('response', common.mustCall((headers) => {
+      assert.strictEqual(headers[':status'], 200);
+    }));
+
+    let data = '';
+    req.on('data', common.mustCallAtLeast((d) => data += d));
+
+    req.on('end', common.mustCall(() => {
+      debug('Got full response.');
+      assert.strictEqual(data, testResBody);
+      client.close();
+      server.close();
+    }));
+  }));
+}