Mercurial > hg > nginx
comparison src/http/ngx_http_parse.c @ 9267:9a5e2296c1be
Disabled handling of headers without a colon.
Starting with nginx 0.1.29 (509:9b8c906f6e63), header names not followed
by a colon and a value were allowed. Such headers were interpreted as
headers with an empty value. With this change, such headers are
unconditionally rejected.
Requested by Maksim Yevmenkin.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 08 May 2024 23:00:07 +0300 |
parents | ddcedfa3a809 |
children | f53146df9a47 |
comparison
equal
deleted
inserted
replaced
9266:93bbb9fbf30d | 9267:9a5e2296c1be |
---|---|
959 r->header_name_end = p; | 959 r->header_name_end = p; |
960 state = sw_space_before_value; | 960 state = sw_space_before_value; |
961 break; | 961 break; |
962 } | 962 } |
963 | 963 |
964 if (ch == CR) { | |
965 r->header_name_end = p; | |
966 r->header_start = p; | |
967 r->header_end = p; | |
968 state = sw_almost_done; | |
969 break; | |
970 } | |
971 | |
972 if (ch == LF) { | |
973 r->header_name_end = p; | |
974 r->header_start = p; | |
975 r->header_end = p; | |
976 goto done; | |
977 } | |
978 | |
979 /* IIS may send the duplicate "HTTP/1.1 ..." lines */ | 964 /* IIS may send the duplicate "HTTP/1.1 ..." lines */ |
980 if (ch == '/' | 965 if (ch == '/' |
981 && r->upstream | 966 && r->upstream |
982 && p - r->header_name_start == 4 | 967 && p - r->header_name_start == 4 |
983 && ngx_strncmp(r->header_name_start, "HTTP", 4) == 0) | 968 && ngx_strncmp(r->header_name_start, "HTTP", 4) == 0) |