Author: mdounin
Date: 2012-03-15 11:27:57 +0000 (Thu, 15 Mar 2012)
New Revision: 4531

Log:
Headers with null character are now rejected.

Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems. They are now unconditionally rejected.


Modified:
trunk/src/http/ngx_http_parse.c

Modified: trunk/src/http/ngx_http_parse.c
===================================================================
--- trunk/src/http/ngx_http_parse.c 2012-03-15 11:27:12 UTC (rev 4530)
+++ trunk/src/http/ngx_http_parse.c 2012-03-15 11:27:57 UTC (rev 4531)
@@ -874,6 +874,10 @@
break;
}

+ if (ch == '\0') {
+ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+
r->invalid_header = 1;

break;
@@ -936,6 +940,10 @@
break;
}

+ if (ch == '\0') {
+ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+
r->invalid_header = 1;

break;
@@ -954,6 +962,8 @@
r->header_start = p;
r->header_end = p;
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
default:
r->header_start = p;
state = sw_value;
@@ -975,6 +985,8 @@
case LF:
r->header_end = p;
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
}
break;

@@ -988,6 +1000,8 @@
break;
case LF:
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
default:
state = sw_value;
break;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel