[nginx] svn commit: r4531 - trunk/src/http

Thu Mar 15 11:27:57 UTC 2012

Author: mdounin
Date: 2012-03-15 11:27:57 +0000 (Thu, 15 Mar 2012)
New Revision: 4531

Log:
Headers with null character are now rejected.

Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.


Modified:
   trunk/src/http/ngx_http_parse.c

Modified: trunk/src/http/ngx_http_parse.c
===================================================================

--- trunk/src/http/ngx_http_parse.c	2012-03-15 11:27:12 UTC (rev 4530)
+++ trunk/src/http/ngx_http_parse.c	2012-03-15 11:27:57 UTC (rev 4531)
@@ -874,6 +874,10 @@
                     break;
                 }
 
+                if (ch == '\0') {
+                    return NGX_HTTP_PARSE_INVALID_HEADER;
+                }
+
                 r->invalid_header = 1;
 
                 break;
@@ -936,6 +940,10 @@
                 break;
             }
 
+            if (ch == '\0') {
+                return NGX_HTTP_PARSE_INVALID_HEADER;
+            }
+
             r->invalid_header = 1;
 
             break;
@@ -954,6 +962,8 @@
                 r->header_start = p;
                 r->header_end = p;
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             default:
                 r->header_start = p;
                 state = sw_value;
@@ -975,6 +985,8 @@
             case LF:
                 r->header_end = p;
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             }
             break;
 
@@ -988,6 +1000,8 @@
                 break;
             case LF:
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             default:
                 state = sw_value;
                 break;

