[nginx] Disabled handling of headers without a colon.
Maxim Dounin
mdounin at mdounin.ru
Wed May 8 20:50:14 UTC 2024
details: http://freenginx.org/hg/nginx/rev/9a5e2296c1be
branches:
changeset: 9267:9a5e2296c1be
user: Maxim Dounin <mdounin at mdounin.ru>
date: Wed May 08 23:00:07 2024 +0300
description:
Disabled handling of headers without a colon.
Starting with nginx 0.1.29 (509:9b8c906f6e63), header names not followed
by a colon and a value were allowed. Such headers were interpreted as
headers with an empty value. With this change, such headers are
unconditionally rejected.
Requested by Maksim Yevmenkin.
diffstat:
src/http/ngx_http_parse.c | 15 ---------------
1 files changed, 0 insertions(+), 15 deletions(-)
diffs (25 lines):
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -961,21 +961,6 @@ ngx_http_parse_header_line(ngx_http_requ
break;
}
- if (ch == CR) {
- r->header_name_end = p;
- r->header_start = p;
- r->header_end = p;
- state = sw_almost_done;
- break;
- }
-
- if (ch == LF) {
- r->header_name_end = p;
- r->header_start = p;
- r->header_end = p;
- goto done;
- }
-
/* IIS may send the duplicate "HTTP/1.1 ..." lines */
if (ch == '/'
&& r->upstream
More information about the nginx-devel
mailing list