[nginx] svn commit: r4531 - trunk/src/http
mdounin at mdounin.ru
mdounin at mdounin.ru
Thu Mar 15 11:27:57 UTC 2012
Author: mdounin
Date: 2012-03-15 11:27:57 +0000 (Thu, 15 Mar 2012)
New Revision: 4531
Log:
Headers with null character are now rejected.
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems. They are now unconditionally rejected.
Modified:
trunk/src/http/ngx_http_parse.c
Modified: trunk/src/http/ngx_http_parse.c
===================================================================
--- trunk/src/http/ngx_http_parse.c 2012-03-15 11:27:12 UTC (rev 4530)
+++ trunk/src/http/ngx_http_parse.c 2012-03-15 11:27:57 UTC (rev 4531)
@@ -874,6 +874,10 @@
break;
}
+ if (ch == '\0') {
+ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+
r->invalid_header = 1;
break;
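Review bot: The new NUL check in the header-name path has no comment explaining why this one byte fails the parse while the fall-through case only sets `r->invalid_header = 1` on the next line. The distinction is the security-relevant part: the soft flag leaves the decision to later code, whereas the commit log says NUL must be rejected unconditionally. I would add `/* NUL is never acceptable in a header name: fail the parse here instead of only flagging the header as invalid */` above the `if`. The same comment applies to the identical check in the second hunk (@@ -936). Both enclosing case bodies begin outside the hunks, so the position of the check relative to earlier tests is inferred from the context lines only.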
@@ -936,6 +940,10 @@
break;
}
+ if (ch == '\0') {
+ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+
r->invalid_header = 1;
break;
@@ -954,6 +962,8 @@
r->header_start = p;
r->header_end = p;
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
default:
r->header_start = p;
state = sw_value;
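Review bot: The `case '\0':` added here, and the matching cases in the hunks at @@ -975 and @@ -988, reject only NUL. As far as the visible lines show, any other byte without its own case still starts or continues the header value. That may be intended, but it should be documented so that code reading `r->header_start` to `r->header_end` does not assume the value is printable text, for example `/* only NUL is rejected in a value; other control bytes are passed through unchanged */` beside the new case. The switch statements begin outside these hunks, so cases not shown could not be checked.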
@@ -975,6 +985,8 @@
case LF:
r->header_end = p;
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
}
break;
@@ -988,6 +1000,8 @@
break;
case LF:
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
default:
state = sw_value;
break;