Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7885:e0fdd75871e4
Disabled control characters in the Host header.
Control characters (0x00-0x1f, 0x7f) and space are not expected to appear
in the Host header. Requests with such characters in the Host header are
now unconditionally rejected.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 28 Jun 2021 18:01:24 +0300 |
parents | b87b7092cedb |
children | 7a6afd584eb4 6674a50cbb6c |
comparison
equal
deleted
inserted
replaced
7884:b87b7092cedb | 7885:e0fdd75871e4 |
---|---|
2174 host_len = i + 1; | 2174 host_len = i + 1; |
2175 state = sw_rest; | 2175 state = sw_rest; |
2176 } | 2176 } |
2177 break; | 2177 break; |
2178 | 2178 |
2179 case '\0': | |
2180 return NGX_DECLINED; | |
2181 | |
2182 default: | 2179 default: |
2183 | 2180 |
2184 if (ngx_path_separator(ch)) { | 2181 if (ngx_path_separator(ch)) { |
2182 return NGX_DECLINED; | |
2183 } | |
2184 | |
2185 if (ch <= 0x20 || ch == 0x7f) { | |
2185 return NGX_DECLINED; | 2186 return NGX_DECLINED; |
2186 } | 2187 } |
2187 | 2188 |
2188 if (ch >= 'A' && ch <= 'Z') { | 2189 if (ch >= 'A' && ch <= 'Z') { |
2189 alloc = 1; | 2190 alloc = 1; |