Changeset 4530:667aaf61a778 in nginx


Ignore:
Timestamp:
03/15/12 11:27:57 (5 years ago)
Author:
Maxim Dounin <mdounin@…>
Branch:
default
Convert:
svn:c3fe7df1-7212-e011-8a91-001109144009/trunk@4531
Message:

Headers with null character are now rejected.

Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems. They are now unconditionally rejected.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/http/ngx_http_parse.c

    r4412 r4530  
    875875                }
    876876
     877                if (ch == '\0') {
     878                    return NGX_HTTP_PARSE_INVALID_HEADER;
     879                }
     880
    877881                r->invalid_header = 1;
    878882
     
    937941            }
    938942
     943            if (ch == '\0') {
     944                return NGX_HTTP_PARSE_INVALID_HEADER;
     945            }
     946
    939947            r->invalid_header = 1;
    940948
     
    955963                r->header_end = p;
    956964                goto done;
     965            case '\0':
     966                return NGX_HTTP_PARSE_INVALID_HEADER;
    957967            default:
    958968                r->header_start = p;
     
    976986                r->header_end = p;
    977987                goto done;
     988            case '\0':
     989                return NGX_HTTP_PARSE_INVALID_HEADER;
    978990            }
    979991            break;
     
    9891001            case LF:
    9901002                goto done;
     1003            case '\0':
     1004                return NGX_HTTP_PARSE_INVALID_HEADER;
    9911005            default:
    9921006                state = sw_value;
Note: See TracChangeset for help on using the changeset viewer.