What version of Bun is running?

1.0.5-debug+35109160ca5d439116bedeb3302ec3745e2895d5

What platform is your computer?

Linux 6.1.56-1-lts x86_64 x86_64

What steps can reproduce the bug?

0. Install Bun and netcat on a Unix system.
1. Copy the following into your filesystem as app.js:

Bun.serve({
    port: 8000,
    async fetch(request) {
        let headers = [];
        for (const key of request.headers.keys()) {
            headers = headers.concat([[key, request.headers.get(key)]]);
        }
        return new Response(
            JSON.stringify({
            "headers": headers,
            }),
            { status: 200 }
        )
    }
});

2. Run it: (starts an HTTP server on port 8000)

bun app.js

3. Send it a control request to test that it's working:

printf 'GET / HTTP/1.1\r\nConnection: close\r\nHost: a\r\nTest: test\r\n\r\n' | nc localhost 8000

4. Observe the expected response:

HTTP/1.1 200 OK
content-type: text/plain;charset=utf-8
Date: Thu, 12 Oct 2023 16:25:18 GMT
Content-Length: 65

{"headers":[["connection","close"],["host","a"],["test","test"]]}

5. Send it a request containing any of the following characters within a header name: !#$%&'*+.^_`|~

printf 'GET / HTTP/1.1\r\nConnection: close\r\nHost: a\r\nTest!: test\r\n\r\n' | nc localhost 8000

6. Observe that the server doesn't respond, and the connection remains open.

What is the expected behavior?

Given that the RFCs permit these characters in header names, (see RFC 9110 section 5.6.2) the expected behavior is to either handle these requests normally (this is what Deno and Node.js do) or silently drop the headers but still respond to the request (this is what Nginx and Apache do).

What do you see instead?

The server does not respond to the request (though the connection remains open), presumably because it interprets the request as being invalid.

Additional information

This was found with coverage-guided differential fuzzing against Deno and Node.