Welcome! Log In Create A New Profile

[patch] reject http header without colon (:) in the header name

Forum List Message List New Topic Print View

Maksim Yevmenkin

May 07, 2024 05:34PM

hello,

it appears that nginx would happily accept http header without colon
(:) in the header name. the patch below tries to address this.

thanks
max

==
--- a/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c
+++ b/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c
@@ -941,14 +941,14 @@ ngx_http_parse_header_line(ngx_http_request_t
*r, ngx_buf_t *b,
r->header_start = p;
r->header_end = p;
state = sw_almost_done;
- break;
+ return NGX_HTTP_PARSE_INVALID_HEADER;
}

if (ch == LF) {
r->header_name_end = p;
r->header_start = p;
r->header_end = p;
- goto done;
+ return NGX_HTTP_PARSE_INVALID_HEADER;
}

/* IIS may send the duplicate "HTTP/1.1 ..." lines */
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[patch] reject http header without colon (:) in the header name	Maksim Yevmenkin	106	May 07, 2024 05:34PM
Re: [patch] reject http header without colon (:) in the header name	Ben Kallus	26	May 07, 2024 06:00PM
Re: [patch] reject http header without colon (:) in the header name	Roman Arutyunyan	19	May 13, 2024 03:20AM
Re: [patch] reject http header without colon (:) in the header name	Ben Kallus	15	May 13, 2024 10:32AM
Re: [patch] reject http header without colon (:) in the header name	Илья Шипицин	19	May 13, 2024 12:02PM
Re: [patch] reject http header without colon (:) in the header name	Ben Kallus	16	May 13, 2024 04:12PM