authorstbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9>2013-03-25 17:22:36 +0000
committerstbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9>2013-03-25 17:22:36 +0000
commitb83bbcaed2946ea45edac2ec6c6aea52320e95f4 (patch)
treed4749f2e33f298ca12f42b33d6347021118c0b4d
parent6efa929c7031bdeeec88f38029656ee92604266e (diff)
downloadlighttpd-b83bbcaed2946ea45edac2ec6c6aea52320e95f4.tar.gz
reject non ASCII characters in HTTP header names
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2868 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r--NEWS1
-rw-r--r--src/request.c71
2 files changed, 24 insertions, 48 deletions
diff --git a/NEWS b/NEWS
index a83d88a9..a58cfba5 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,7 @@ NEWS
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
* [mod_fastcgi,log] support multi line logging (fixes #2252)
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
+ * reject non ASCII characters in HTTP header names
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
diff --git a/src/request.c b/src/request.c
index 8c6c1707..c5e26ec1 100644
--- a/src/request.c
+++ b/src/request.c
@@ -584,7 +584,7 @@ int http_request_parse(server *srv, connection *con) {
/**
* 1*<any CHAR except CTLs or separators>
- * CTLs == 0-31 + 127
+ * CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
*
*/
switch(*cur) {
@@ -619,8 +619,14 @@ int http_request_parse(server *srv, connection *con) {
con->keep_alive = 0;
con->response.keep_alive = 0;
- log_error_write(srv, __FILE__, __LINE__, "sbsds",
+ if (srv->srvconf.log_request_header_on_error) {
+ log_error_write(srv, __FILE__, __LINE__, "sbsds",
"invalid character in key", con->request.request, cur, *cur, "-> 400");
+
+ log_error_write(srv, __FILE__, __LINE__, "Sb",
+ "request-header:\n",
+ con->request.request);
+ }
return 0;
case ' ':
case '\t':
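Review bot: The added `request-header:` dump writes `con->request.request` to the error log verbatim, on a path where the request has just failed validation; the same dump sits in the new `default:` branch in the last hunk, where the offending byte can be a control or non-ASCII character. Whether `log_error_write` escapes the `b` argument is not visible in this patch, so if it does not, raw newlines and terminal escape bytes from the client end up in the log whenever `log_request_header_on_error` is enabled. I would confirm the escaping in the log writer and add a comment above the call, for example `/* request is untrusted and failed validation; the log writer must escape it */`. The enclosing switch starts and ends outside the hunk.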
@@ -678,8 +684,6 @@ int http_request_parse(server *srv, connection *con) {
i++;
done = 1;
-
- break;
} else {
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "CR without LF -> 400");
@@ -693,53 +697,24 @@ int http_request_parse(server *srv, connection *con) {
con->response.keep_alive = 0;
return 0;
}
- /* fall thru */
- case 0: /* illegal characters (faster than a if () :) */
- case 1:
- case 2:
- case 3:
- case 4:
- case 5:
- case 6:
- case 7:
- case 8:
- case 10:
- case 11:
- case 12:
- case 14:
- case 15:
- case 16:
- case 17:
- case 18:
- case 19:
- case 20:
- case 21:
- case 22:
- case 23:
- case 24:
- case 25:
- case 26:
- case 27:
- case 28:
- case 29:
- case 30:
- case 31:
- case 127:
- con->http_status = 400;
- con->keep_alive = 0;
- con->response.keep_alive = 0;
+ break;
+ default:
+ if (*cur < 32 || ((unsigned char)*cur) >= 127) {
+ con->http_status = 400;
+ con->keep_alive = 0;
+ con->response.keep_alive = 0;
- if (srv->srvconf.log_request_header_on_error) {
- log_error_write(srv, __FILE__, __LINE__, "sbsds",
- "CTL character in key", con->request.request, cur, *cur, "-> 400");
+ if (srv->srvconf.log_request_header_on_error) {
+ log_error_write(srv, __FILE__, __LINE__, "sbsds",
+ "invalid character in key", con->request.request, cur, *cur, "-> 400");
- log_error_write(srv, __FILE__, __LINE__, "Sb",
- "request-header:\n",
- con->request.request);
- }
+ log_error_write(srv, __FILE__, __LINE__, "Sb",
+ "request-header:\n",
+ con->request.request);
+ }
- return 0;
- default:
+ return 0;
+ }
/* ok */
break;
}
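Review bot: The range test in the new `default:` branch compares `*cur` once as plain `char` and once as `unsigned char`, so `*cur < 32` matches bytes 0x80-0xFF on signed-char targets and only 0-31 on unsigned-char targets. The result is the same either way because the second operand covers the high bytes, but the intent is clearer as `if ((unsigned char)*cur < 32 || (unsigned char)*cur >= 127) {`. The `*cur` passed for the `d` field of the log call has the same problem: presumably it is formatted as an int, so a high byte is logged as a negative number on signed-char builds, and `(unsigned char)*cur` would keep the logged value in 0..255. A one-line comment that tab and CR never reach this branch because earlier `case` labels take them would also help, since the removed list showed that by omitting 9 and 13.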