technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

HTTP parser: restricting allowed characters in fields values.

Browse Source 
According to RFC 7230 only printable 7-bit ASCII characters are allowed
in field values.
This commit is contained in:
Valentin Bartenev
2018-03-15 21:07:56 +03:00
parent 5a003df1fe
commit 3d2f85d9ca
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/nxt_http_parse.c
View File

@@ -679,7 +679,8 @@ nxt_http_lookup_field_end(u_char *p, u_char *end)
#define nxt_field_end_test_char(ch) \ #define nxt_field_end_test_char(ch) \
\ \
if (nxt_slow_path((ch) < 0x10)) { \ /* Values below 0x20 become more than 0xdf. */ \
if (nxt_slow_path((u_char) ((ch) - 0x20) > 0x5e)) { \
return &(ch); \ return &(ch); \
} }

18
src/test/nxt_http_parse_test.c
View File

@@ -280,6 +280,24 @@ static nxt_http_parse_test_case_t nxt_http_test_cases[] = {
NXT_HTTP_PARSE_INVALID, NXT_HTTP_PARSE_INVALID,
NULL, { NULL } NULL, { NULL }
}, },
{
nxt_string("GET / HTTP/1.1\r\n"
"Host: exa\bmple.com\r\n\r\n"),
NXT_HTTP_PARSE_INVALID,
NULL, { NULL }
},
{
nxt_string("GET / HTTP/1.1\r\n"
"Host: пример.испытание\r\n\r\n"),
NXT_HTTP_PARSE_INVALID,
NULL, { NULL }
},
{
nxt_string("GET / HTTP/1.1\r\n"
"Host: xn--e1afmkfd.xn--80akhbyknj4f\r\n\r\n"),
NXT_DONE,
NULL, { NULL }
},
{ {
nxt_string("GET / HTTP/1.1\r\n" nxt_string("GET / HTTP/1.1\r\n"
"X-Unknown-Header: value\r\n" "X-Unknown-Header: value\r\n"