authorJan Kneschke <jan@kneschke.de>2007-04-09 18:12:43 +0000
committerJan Kneschke <jan@kneschke.de>2007-04-09 18:12:43 +0000
commit961ad1c2dc37d92bb8e23f210d7aae3dedfbae2c (patch)
tree20ac907bcf14a379ec372edd304ac337b4d2e60d
parent0cf2ff2d71cc4c1b82379ee9b55f9e52978ea2a7 (diff)
downloadlighttpd-git-961ad1c2dc37d92bb8e23f210d7aae3dedfbae2c.tar.gz
encode newlines in HTTP headers (fixes #1106)
git-svn-id: svn+ssh://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1723 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r--src/buffer.c31
-rw-r--r--src/buffer.h7
-rw-r--r--src/response.c8
3 files changed, 41 insertions, 5 deletions
diff --git a/src/buffer.c b/src/buffer.c
index cf25d5bb..094cee20 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -729,6 +729,29 @@ const char encoded_chars_hex[] = {
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* F0 - FF */
};
+const char encoded_chars_http_header[] = {
+ /*
+ 0 1 2 3 4 5 6 7 8 9 A B C D E F
+ */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, /* 00 - 0F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 10 - 1F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20 - 2F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30 - 3F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 40 - 4F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 50 - 5F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 60 - 6F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 70 - 7F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 - 8F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 - 9F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* A0 - AF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* B0 - BF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* C0 - CF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* D0 - DF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* E0 - EF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* F0 - FF */
+};
+
+
int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_encoding_t encoding) {
unsigned char *ds, *d;
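Review bot: The new `encoded_chars_http_header` table marks only 0x0A in its `00 - 0F` row, so a bare carriage return (0x0D) in a header value is still copied through unchanged. Some HTTP recipients treat a lone CR as a line terminator, so a value carrying `\r` without `\n` could still be read as starting a new header line. Consider marking 0x0D as well, `0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, /* 00 - 0F */`, or rejecting control characters before the value reaches this encoder. `buffer_append_string_encoded` begins in this hunk and its body continues outside it.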
@@ -759,6 +782,9 @@ int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_
case ENCODING_HEX:
map = encoded_chars_hex;
break;
+ case ENCODING_HTTP_HEADER:
+ map = encoded_chars_http_header;
+ break;
case ENCODING_UNSET:
break;
}
@@ -777,6 +803,7 @@ int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_
case ENCODING_MINIMAL_XML:
d_len += 6;
break;
+ case ENCODING_HTTP_HEADER:
case ENCODING_HEX:
d_len += 2;
break;
@@ -812,6 +839,10 @@ int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_
d[d_len++] = hex_chars[((*ds) >> 4) & 0x0F];
d[d_len++] = hex_chars[(*ds) & 0x0F];
break;
+ case ENCODING_HTTP_HEADER:
+ d[d_len++] = *ds;
+ d[d_len++] = '\t';
+ break;
case ENCODING_UNSET:
break;
}
diff --git a/src/buffer.h b/src/buffer.h
index 82a5f838..af82d45f 100644
--- a/src/buffer.h
+++ b/src/buffer.h
@@ -87,9 +87,10 @@ typedef enum {
ENCODING_UNSET,
ENCODING_REL_URI, /* for coding a rel-uri (/with space/and%percent) nicely as part of a href */
ENCODING_REL_URI_PART, /* same as ENC_REL_URL plus coding / too as %2F */
- ENCODING_HTML, /* & becomes &amp; and so on */
- ENCODING_MINIMAL_XML, /* minimal encoding for xml */
- ENCODING_HEX /* encode string as hex */
+ ENCODING_HTML, /* & becomes &amp; and so on */
+ ENCODING_MINIMAL_XML, /* minimal encoding for xml */
+ ENCODING_HEX, /* encode string as hex */
+ ENCODING_HTTP_HEADER /* encode \n with \t\n */
} buffer_encoding_t;
int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_encoding_t encoding);
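Review bot: The comment on `ENCODING_HTTP_HEADER` says `\n` is encoded as `\t\n`, but the emit branch added in src/buffer.c writes the original byte first and then `'\t'`, so the output is `\n\t`. The order matters, because the tab has to begin the following line for that line to be read as a continuation of the same header. I would change the comment to `/* append \t after each \n so the value is folded onto a continuation line */`.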
diff --git a/src/response.c b/src/response.c
index 5f72a9b5..8687ce20 100644
--- a/src/response.c
+++ b/src/response.c
@@ -66,7 +66,11 @@ int http_response_write_header(server *srv, connection *con) {
BUFFER_APPEND_STRING_CONST(b, "\r\n");
buffer_append_string_buffer(b, ds->key);
BUFFER_APPEND_STRING_CONST(b, ": ");
- buffer_append_string_buffer(b, ds->value);
+
+ /**
+ * the value might contain newlines, encode them with at least one white-space
+ */
+ buffer_append_string_encoded(b, CONST_BUF_LEN(ds->value), ENCODING_HTTP_HEADER);
#if 0
log_error_write(srv, __FILE__, __LINE__, "bb",
ds->key, ds->value);
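Review bot: Only `ds->value` goes through the new encoder; `ds->key` a few lines above is still appended with `buffer_append_string_buffer`, so a newline in a header name would reach the wire unchanged. Whether names are validated before they are stored is not visible in this hunk; if any source of response headers can supply the name, it needs a check as well. Folding makes no sense for a name, so dropping the header when the key contains CR or LF looks like a better fix than encoding it. A short comment here saying where keys are validated would also help the next reader. `http_response_write_header` starts and ends outside the hunk.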
@@ -98,7 +102,7 @@ int http_response_write_header(server *srv, connection *con) {
BUFFER_APPEND_STRING_CONST(b, "\r\nServer: " PACKAGE_NAME "/" PACKAGE_VERSION);
} else {
BUFFER_APPEND_STRING_CONST(b, "\r\nServer: ");
- buffer_append_string_buffer(b, con->conf.server_tag);
+ buffer_append_string_encoded(b, CONST_BUF_LEN(con->conf.server_tag), ENCODING_HTTP_HEADER);
}
}