
reject non ASCII characters in HTTP header names

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2868 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.33
Stefan Bühler 9 years ago
parent
commit
b5da12c008
  1. 1
      NEWS
  2. 71
      src/request.c

1
NEWS

@ -9,6 +9,7 @@ NEWS
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
* [mod_fastcgi,log] support multi line logging (fixes #2252)
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
* reject non ASCII characters in HTTP header names
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)

71
src/request.c

@ -584,7 +584,7 @@ int http_request_parse(server *srv, connection *con) {
/**
* 1*<any CHAR except CTLs or separators>
* CTLs == 0-31 + 127
* CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
*
*/
switch(*cur) {
@ -619,8 +619,14 @@ int http_request_parse(server *srv, connection *con) {
con->keep_alive = 0;
con->response.keep_alive = 0;
log_error_write(srv, __FILE__, __LINE__, "sbsds",
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "sbsds",
"invalid character in key", con->request.request, cur, *cur, "-> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
case ' ':
case '\t':
@ -678,8 +684,6 @@ int http_request_parse(server *srv, connection *con) {
i++;
done = 1;
break;
} else {
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "CR without LF -> 400");
@ -693,53 +697,24 @@ int http_request_parse(server *srv, connection *con) {
con->response.keep_alive = 0;
return 0;
}
/* fall thru */
case 0: /* illegal characters (faster than a if () :) */
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
case 8:
case 10:
case 11:
case 12:
case 14:
case 15:
case 16:
case 17:
case 18:
case 19:
case 20:
case 21:
case 22:
case 23:
case 24:
case 25:
case 26:
case 27:
case 28:
case 29:
case 30:
case 31:
case 127:
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
break;
default:
if (*cur < 32 || ((unsigned char)*cur) >= 127) {
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "sbsds",
"CTL character in key", con->request.request, cur, *cur, "-> 400");
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "sbsds",
"invalid character in key", con->request.request, cur, *cur, "-> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
default:
return 0;
}
/* ok */
break;
}
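Review bot: In the new `default:` branch the test `*cur < 32 || ((unsigned char)*cur) >= 127` mixes a plain-`char` comparison with an unsigned one, so its left half means different things depending on whether `char` is signed on the target. The result is correct either way, but the intent is easier to audit with a single conversion: `const unsigned char c = (unsigned char)*cur;` followed by `if (c < 32 || c >= 127) {`. The same applies to the `*cur` passed for the `d` format in the "invalid character in key" log call, which would print a negative number for bytes >= 0x80 where `char` is signed; `(unsigned char)*cur` keeps the logged value in 0..255. Both log calls also write `con->request.request` and the tail at `cur`, which on this path are known to contain control or non-ASCII bytes; whether `log_error_write` escapes them is not visible here and is worth confirming before treating the error log as line-oriented input. The enclosing `http_request_parse` starts and ends outside the hunks shown.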
