Mercurial > hg > nginx

comparison src/http/ngx_http_parse.c @ 9267:9a5e2296c1be

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Disabled handling of headers without a colon. Starting with nginx 0.1.29 (509:9b8c906f6e63), header names not followed by a colon and a value were allowed. Such headers were interpreted as headers with an empty value. With this change, such headers are unconditionally rejected. Requested by Maksim Yevmenkin.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 08 May 2024 23:00:07 +0300
parents ddcedfa3a809
children f53146df9a47
comparison
equal deleted inserted replaced
9266:93bbb9fbf30d 9267:9a5e2296c1be
959 r->header_name_end = p; 959 r->header_name_end = p;
960 state = sw_space_before_value; 960 state = sw_space_before_value;
961 break; 961 break;
962 } 962 }
963 963
964 if (ch == CR) {
965 r->header_name_end = p;
966 r->header_start = p;
967 r->header_end = p;
968 state = sw_almost_done;
969 break;
970 }
971
972 if (ch == LF) {
973 r->header_name_end = p;
974 r->header_start = p;
975 r->header_end = p;
976 goto done;
977 }
978
979 /* IIS may send the duplicate "HTTP/1.1 ..." lines */ 964 /* IIS may send the duplicate "HTTP/1.1 ..." lines */
980 if (ch == '/' 965 if (ch == '/'
981 && r->upstream 966 && r->upstream
982 && p - r->header_name_start == 4 967 && p - r->header_name_start == 4
983 && ngx_strncmp(r->header_name_start, "HTTP", 4) == 0) 968 && ngx_strncmp(r->header_name_start, "HTTP", 4) == 0)