comparison src/http/ngx_http_parse.c @ 4530:667aaf61a778
Headers with null character are now rejected.
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems. They are now unconditionally rejected.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 15 Mar 2012 11:27:57 +0000 |
parents | d620f497c50f |
children | 4988fa232629 |
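--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -872,10 +872,14 @@
 r->lowcase_header[0] = c;
 i = 1;
 break;
 }
 
+if (ch == '\0') {
+return NGX_HTTP_PARSE_INVALID_HEADER;
+}
+
 r->invalid_header = 1;
 
 break;
 
 }
@@ -934,10 +938,14 @@
 {
 state = sw_ignore_line;
 break;
 }
 
+if (ch == '\0') {
+return NGX_HTTP_PARSE_INVALID_HEADER;
+}
+
 r->invalid_header = 1;
 
 break;
 
 /* space* before header value */
@@ -952,10 +960,12 @@
 break;
 case LF:
 r->header_start = p;
 r->header_end = p;
 goto done;
+case '\0':
+return NGX_HTTP_PARSE_INVALID_HEADER;
 default:
 r->header_start = p;
 state = sw_value;
 break;
 }
@@ -973,10 +983,12 @@
 state = sw_almost_done;
 break;
 case LF:
 r->header_end = p;
 goto done;
+case '\0':
+return NGX_HTTP_PARSE_INVALID_HEADER;
 }
 break;
 
 /* space* before end of header line */
 case sw_space_after_value:
@@ -986,10 +998,12 @@
 case CR:
 state = sw_almost_done;
 break;
 case LF:
 goto done;
+case '\0':
+return NGX_HTTP_PARSE_INVALID_HEADER;
 default:
 state = sw_value;
 break;
 }
 break;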
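Review bot: The new `case '\0':` return at new lines 988-989 leaves `r->header_end` untouched, although the `case LF:` just above it sets `r->header_end = p` before `goto done`; the other four NUL returns in this section likewise return without recording where parsing stopped. The caller is not visible on this page, but if it logs the rejected line from `r->header_start`/`r->header_end`, it would read values left over from an earlier header, which weakens the log record operators rely on to spot these requests; consider `r->header_end = p;` before each `return NGX_HTTP_PARSE_INVALID_HEADER;`. A short comment at the first check, for example `/* NUL is always a hard error; other invalid characters only set r->invalid_header */`, would explain why this one byte bypasses the softer flag that follows it. The enclosing function and its switch begin and end outside the hunks shown.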