changeset 7885:e0fdd75871e4
Disabled control characters in the Host header.
Control characters (0x00-0x1f, 0x7f) and space are not expected to appear
in the Host header. Requests with such characters in the Host header are
now unconditionally rejected.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 28 Jun 2021 18:01:24 +0300 |
parents | b87b7092cedb |
children | 7f5e3595caff |
files | src/http/ngx_http_request.c |
diffstat | 1 files changed, 4 insertions(+), 3 deletions(-) |
--- a/src/http/ngx_http_request.c Mon Jun 28 18:01:20 2021 +0300 +++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:24 2021 +0300 @@ -2176,15 +2176,16 @@ } break; - case '\0': - return NGX_DECLINED; - default: if (ngx_path_separator(ch)) { return NGX_DECLINED; } + if (ch <= 0x20 || ch == 0x7f) { + return NGX_DECLINED; + } + if (ch >= 'A' && ch <= 'Z') { alloc = 1; }
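Review bot: the added test `if (ch <= 0x20 || ch == 0x7f)` in the `default:` branch uses bare magic numbers and depends on the signedness of `ch`, whose declaration is outside this hunk. If `ch` were a signed type, bytes 0x80-0xff would compare as negative and be rejected as well, which is wider than the commit message's stated range (0x00-0x1f, 0x7f, and space), so it is worth confirming the variable is unsigned. A one-line comment above the check, such as "control characters and space", would tie the constants to that stated intent. Rejection of NUL now rests entirely on this range test because the explicit `case '\0':` is removed, so a regression test covering 0x00, 0x1f, 0x20 and 0x7f in the Host value would protect against a later edit to the `default:` branch dropping it silently.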