Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 8533:e0fdd75871e4
Disabled control characters in the Host header.
Control characters (0x00-0x1f, 0x7f) and space are not expected to appear
in the Host header. Requests with such characters in the Host header are
now unconditionally rejected.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 28 Jun 2021 18:01:24 +0300 |
| parents | b87b7092cedb |
| children | 6674a50cbb6c 7a6afd584eb4 |
comparison
equal
deleted
inserted
replaced
| 8532:b87b7092cedb | 8533:e0fdd75871e4 |
|---|---|
| 2174 host_len = i + 1; | 2174 host_len = i + 1; |
| 2175 state = sw_rest; | 2175 state = sw_rest; |
| 2176 } | 2176 } |
| 2177 break; | 2177 break; |
| 2178 | 2178 |
| 2179 case '\0': | |
| 2180 return NGX_DECLINED; | |
| 2181 | |
| 2182 default: | 2179 default: |
| 2183 | 2180 |
| 2184 if (ngx_path_separator(ch)) { | 2181 if (ngx_path_separator(ch)) { |
| 2182 return NGX_DECLINED; | |
| 2183 } | |
| 2184 | |
| 2185 if (ch <= 0x20 || ch == 0x7f) { | |
| 2185 return NGX_DECLINED; | 2186 return NGX_DECLINED; |
| 2186 } | 2187 } |
| 2187 | 2188 |
| 2188 if (ch >= 'A' && ch <= 'Z') { | 2189 if (ch >= 'A' && ch <= 'Z') { |
| 2189 alloc = 1; | 2190 alloc = 1; |