-rw-r--r--src/request.c13
-rw-r--r--src/t/test_request.c5
-rwxr-xr-xtests/request.t12
3 files changed, 15 insertions, 15 deletions
diff --git a/src/request.c b/src/request.c
index b72bb974..64b2ba45 100644
--- a/src/request.c
+++ b/src/request.c
@@ -723,6 +723,19 @@ int http_request_parse(server *srv, connection *con, buffer *hdrs) {
switch(*cur) {
case ' ':
case '\t':
+ /* RFC7230 Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
+ * 3.2.4. Field Parsing
+ * [...]
+ * No whitespace is allowed between the header field-name and colon. In
+ * the past, differences in the handling of such whitespace have led to
+ * security vulnerabilities in request routing and response handling. A
+ * server MUST reject any received request message that contains
+ * whitespace between a header field-name and colon with a response code
+ * of 400 (Bad Request). A proxy MUST remove any such whitespace from a
+ * response message before forwarding the message downstream.
+ */
+ if (http_header_strict)
+ return http_request_header_line_invalid(srv, 400, "invalid whitespace between field-name and colon -> 400");
/* skip every thing up to the : */
do { ++cur; } while (*cur == ' ' || *cur == '\t');
if (*cur != ':') {
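Review bot: The lenient branch directly after the new check still accepts the request and silently strips the whitespace, so the RFC 7230 text quoted above it ("A server MUST reject ...") describes only the behaviour when `http_header_strict` is set; a reader skimming the comment may take the rejection to be unconditional. I would mark the deviation where it happens, with a one-line comment ahead of the skip loop such as `/* lenient mode: tolerate and skip the whitespace (RFC 7230 3.2.4 mandates 400) */`. The RFC's own rationale, differing whitespace handling between intermediaries affecting routing and response handling, is exactly why the non-strict default deserves an explicit marker here. http_request_parse continues outside the hunk on both sides.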
diff --git a/src/t/test_request.c b/src/t/test_request.c
index e001fb6a..1387565e 100644
--- a/src/t/test_request.c
+++ b/src/t/test_request.c
@@ -310,14 +310,11 @@ static void test_request_http_request_parse(server *srv, connection *con)
assert(buffer_is_equal_string(con->request.uri,
CONST_STR_LEN("/")));
- run_http_request_parse(srv, con, __LINE__, 0,
+ run_http_request_parse(srv, con, __LINE__, 400,
"whitespace after key",
CONST_STR_LEN("GET / HTTP/1.0\r\n"
"ABC : foo\r\n"
"\r\n"));
- ds = (data_string *)
- array_get_element_klen(con->request.headers, CONST_STR_LEN("ABC"));
- assert(ds && buffer_is_equal_string(ds->value, CONST_STR_LEN("foo")));
run_http_request_parse(srv, con, __LINE__, 400,
"whitespace within key",
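Review bot: Changing the expected status to 400 leaves the lenient path untested: the removed `array_get_element_klen` assertion was the only check that `ABC : foo` is still accepted and stored as `ABC` → `foo` when `http_header_strict` is off, and nothing in the hunk shows which mode this test runs under. If the harness lets the test toggle `http_header_strict`, a second `run_http_request_parse(srv, con, __LINE__, 0, "whitespace after key (lenient)", ...)` case under the non-strict setting, followed by the restored header lookup, would cover both branches of the new code. test_request_http_request_parse continues outside the hunk on both sides.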
diff --git a/tests/request.t b/tests/request.t
index 96ef077b..aa1cace0 100755
--- a/tests/request.t
+++ b/tests/request.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 52;
+use Test::More tests => 51;
use LightyTest;
my $tf = LightyTest->new();
@@ -503,16 +503,6 @@ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');
-print "\nConnection header\n";
-$t->{REQUEST} = ( <<EOF
-GET /12345.txt HTTP/1.1
-Connection : close
-Host: 123.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, 'HTTP-Content' => '12345'."\n", 'Content-Type' => 'text/plain', 'Connection' => 'close' } ];
-ok($tf->handle_http($t) == 0, 'Connection-header, spaces before ":"');
-
$t->{REQUEST} = ( <<EOF
GET /12345.txt HTTP/1.1
Connection: ,close