diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | src/request.c | 3 |
2 files changed, 3 insertions, 1 deletions
@@ -15,6 +15,7 @@ NEWS * tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi) * mod_extforward: log address of untrusted proxy with debug.log-request-handling * fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533) + * remove whitespace at end of header keys - 1.4.31 - 2012-05-31 * [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting) diff --git a/src/request.c b/src/request.c index 0d749e68..8c6c1707 100644 --- a/src/request.c +++ b/src/request.c @@ -643,10 +643,11 @@ int http_request_parse(server *srv, connection *con) { /* skip WS */ continue; case ':': - /* ok, done */ + /* ok, done; handle the colon the usual way */ i += j - 1; got_colon = 1; + is_ws_after_key = 1; /* we already know the key length */ break; default: |