Klaus Demo nginx / d1ed97b
Headers with null character are now rejected. Headers with NUL character aren't allowed by HTTP standard and may cause various security problems. They are now unconditionally rejected. Maxim Dounin 10 years ago
1 changed file(s) with 14 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
873873 break;
874874 }
875875
876 if (ch == '\0') {
877 return NGX_HTTP_PARSE_INVALID_HEADER;
878 }
879
876880 r->invalid_header = 1;
877881
878882 break;
935939 break;
936940 }
937941
942 if (ch == '\0') {
943 return NGX_HTTP_PARSE_INVALID_HEADER;
944 }
945
938946 r->invalid_header = 1;
939947
940948 break;
953961 r->header_start = p;
954962 r->header_end = p;
955963 goto done;
964 case '\0':
965 return NGX_HTTP_PARSE_INVALID_HEADER;
956966 default:
957967 r->header_start = p;
958968 state = sw_value;
974984 case LF:
975985 r->header_end = p;
976986 goto done;
987 case '\0':
988 return NGX_HTTP_PARSE_INVALID_HEADER;
977989 }
978990 break;
979991
987999 break;
9881000 case LF:
9891001 goto done;
1002 case '\0':
1003 return NGX_HTTP_PARSE_INVALID_HEADER;
9901004 default:
9911005 state = sw_value;
9921006 break;