Mercurial > hg > nginx
changeset 4530:667aaf61a778
Headers with null character are now rejected.
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems. They are now unconditionally rejected.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 15 Mar 2012 11:27:57 +0000 |
| parents | 1ebec1d15a25 |
| children | f7e1113a9a16 |
| files | src/http/ngx_http_parse.c |
| diffstat | 1 files changed, 14 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -874,6 +874,10 @@ ngx_http_parse_header_line(ngx_http_requ break; } + if (ch == '\0') { + return NGX_HTTP_PARSE_INVALID_HEADER; + } + r->invalid_header = 1; break; @@ -936,6 +940,10 @@ ngx_http_parse_header_line(ngx_http_requ break; } + if (ch == '\0') { + return NGX_HTTP_PARSE_INVALID_HEADER; + } + r->invalid_header = 1; break; @@ -954,6 +962,8 @@ ngx_http_parse_header_line(ngx_http_requ r->header_start = p; r->header_end = p; goto done; + case '\0': + return NGX_HTTP_PARSE_INVALID_HEADER; default: r->header_start = p; state = sw_value; @@ -975,6 +985,8 @@ ngx_http_parse_header_line(ngx_http_requ case LF: r->header_end = p; goto done; + case '\0': + return NGX_HTTP_PARSE_INVALID_HEADER; } break; @@ -988,6 +1000,8 @@ ngx_http_parse_header_line(ngx_http_requ break; case LF: goto done; + case '\0': + return NGX_HTTP_PARSE_INVALID_HEADER; default: state = sw_value; break;