technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

HTTP parser: restricting allowed characters in fields values.

Browse Source 
According to RFC 7230 only printable 7-bit ASCII characters are allowed
in field values.
This commit is contained in:
Valentin Bartenev
2018-03-15 21:07:56 +03:00
parent 5a003df1fe
commit 3d2f85d9ca
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/nxt_http_parse.c
View File

@@ -679,7 +679,8 @@ nxt_http_lookup_field_end(u_char *p, u_char *end)
#define nxt_field_end_test_char(ch) \
\
if (nxt_slow_path((ch) < 0x10)) { \
/* Values below 0x20 become more than 0xdf. */ \
if (nxt_slow_path((u_char) ((ch) - 0x20) > 0x5e)) { \
return &(ch); \
}