Mercurial > hg > nginx

comparison src/http/ngx_http_parse.c @ 4530:667aaf61a778

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Headers with null character are now rejected. Headers with NUL character aren't allowed by HTTP standard and may cause various security problems. They are now unconditionally rejected.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 15 Mar 2012 11:27:57 +0000
parents d620f497c50f
children 4988fa232629
comparison
equal deleted inserted replaced
4529:1ebec1d15a25 4530:667aaf61a778
872 r->lowcase_header[0] = c; 872 r->lowcase_header[0] = c;
873 i = 1; 873 i = 1;
874 break; 874 break;
875 } 875 }
876 876
877 if (ch == '\0') {
878 return NGX_HTTP_PARSE_INVALID_HEADER;
879 }
880
877 r->invalid_header = 1; 881 r->invalid_header = 1;
878 882
879 break; 883 break;
880 884
881 } 885 }
934 { 938 {
935 state = sw_ignore_line; 939 state = sw_ignore_line;
936 break; 940 break;
937 } 941 }
938 942
943 if (ch == '\0') {
944 return NGX_HTTP_PARSE_INVALID_HEADER;
945 }
946
939 r->invalid_header = 1; 947 r->invalid_header = 1;
940 948
941 break; 949 break;
942 950
943 /* space* before header value */ 951 /* space* before header value */
952 break; 960 break;
953 case LF: 961 case LF:
954 r->header_start = p; 962 r->header_start = p;
955 r->header_end = p; 963 r->header_end = p;
956 goto done; 964 goto done;
965 case '\0':
966 return NGX_HTTP_PARSE_INVALID_HEADER;
957 default: 967 default:
958 r->header_start = p; 968 r->header_start = p;
959 state = sw_value; 969 state = sw_value;
960 break; 970 break;
961 } 971 }
973 state = sw_almost_done; 983 state = sw_almost_done;
974 break; 984 break;
975 case LF: 985 case LF:
976 r->header_end = p; 986 r->header_end = p;
977 goto done; 987 goto done;
988 case '\0':
989 return NGX_HTTP_PARSE_INVALID_HEADER;
978 } 990 }
979 break; 991 break;
980 992
981 /* space* before end of header line */ 993 /* space* before end of header line */
982 case sw_space_after_value: 994 case sw_space_after_value:
986 case CR: 998 case CR:
987 state = sw_almost_done; 999 state = sw_almost_done;
988 break; 1000 break;
989 case LF: 1001 case LF:
990 goto done; 1002 goto done;
1003 case '\0':
1004 return NGX_HTTP_PARSE_INVALID_HEADER;
991 default: 1005 default:
992 state = sw_value; 1006 state = sw_value;
993 break; 1007 break;
994 } 1008 }
995 break; 1009 break;