artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 952c636) | patch
relay_read_http: tighten up header parsing
authormillert <millert@openbsd.org>
Tue, 28 Nov 2023 18:36:55 +0000 (18:36 +0000)
committermillert <millert@openbsd.org>
Tue, 28 Nov 2023 18:36:55 +0000 (18:36 +0000)
commit1c543edce21c8c1ee56ef648930b92ca57a28d4f
tree1d6cd0ca883e3664f7e19d03cc11da5961878758tree | snapshot
parent952c6363a519d5ecee6717646d7c24b911461cd2commit | diff
relay_read_http: tighten up header parsing

1) reject headers with embedded NULs
2) reject headers with invalid characters in the name
3) reject Transfer-Encoding with values other than "chunked"
4) reject chunk values containing non-hex characters
5) reject Content-Length values of "+0" or "-0"
6) reject requests without a ' ' and headers without a ':'

Reported by Ben Kallus, OK bluhm@
usr.sbin/relayd/relay_http.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim