From a1c3c7f9d0c04da073f6b9207d95d444e2ed48ce Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Sat, 19 Oct 2024 15:07:29 +0900
Subject: [PATCH] Do not allow '@' in :authority or host field value
---
 lib/nghttp3_http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/nghttp3_http.c b/lib/nghttp3_http.c
index 38092cf..d6ce982 100644
--- a/lib/nghttp3_http.c
+++ b/lib/nghttp3_http.c
@@ -197,7 +197,7 @@ static char VALID_AUTHORITY_CHARS[] = {
 1 /* 4 */, 1 /* 5 */, 1 /* 6 */, 1 /* 7 */,
 1 /* 8 */, 1 /* 9 */, 1 /* : */, 1 /* ; */,
 0 /* < */, 1 /* = */, 0 /* > */, 0 /* ? */,
- 1 /* @ */, 1 /* A */, 1 /* B */, 1 /* C */,
+ 0 /* @ */, 1 /* A */, 1 /* B */, 1 /* C */,
 1 /* D */, 1 /* E */, 1 /* F */, 1 /* G */,
 1 /* H */, 1 /* I */, 1 /* J */, 1 /* K */,
 1 /* L */, 1 /* M */, 1 /* N */, 1 /* O */,
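Review bot: The flipped `0 /* @ */` entry carries no in-code rationale, so a maintainer comparing the table with the RFC 3986 authority grammar, where '@' is legal as the userinfo delimiter, could set it back to 1. A comment above that row would record the intent, for example `/* '@' is rejected on purpose: it delimits userinfo, which RFC 9114 section 4.3.1 forbids in :authority for http and https URIs */`. That matters for security because an intermediary and an origin that disagree on which side of '@' is the host can route or authorize the same request differently. The diffstat shows only lib/nghttp3_http.c changing, so a regression test asserting that an :authority or host value containing '@' is rejected would also help keep the entry from drifting. VALID_AUTHORITY_CHARS starts and ends outside this hunk, so the rest of the table was not reviewed.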