technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

HTTP parser: restricting control chars in header fields values.

Browse Source 
This also fixes an infinite loop here (found with honggfuzz).
This commit is contained in:
Valentin Bartenev
2018-01-24 15:02:56 +03:00
parent 7e3480b046
commit 477e8177b7
1 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nxt_http_parse.c
View File

@@ -650,10 +650,8 @@ nxt_http_parse_field_value(nxt_http_request_parse_t *rp, u_char **pos,
break; break;
} }
if (ch == '\0') {
return NXT_HTTP_PARSE_INVALID; return NXT_HTTP_PARSE_INVALID;
} }
}
if (nxt_fast_path(p != *pos)) { if (nxt_fast_path(p != *pos)) {
while (p[-1] == ' ') { while (p[-1] == ' ') {