From 0d2c8754ee24d37a4180ca13bb4480905e3cc036 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Sun, 16 Mar 2025 17:03:04 -0400 Subject: [PATCH] HTTP: Do not allow request lines to end with bare CR This is consistent with Node.js. --- src/http/ngx_http_parse.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index f7ee2fb14..9590d9d44 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -492,10 +492,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) r->http_minor = 9; state = sw_almost_done; break; - case LF: - r->uri_end = p; - r->http_minor = 9; - goto done; case '.': r->complex_uri = 1; state = sw_uri; @@ -565,10 +561,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) r->http_minor = 9; state = sw_almost_done; break; - case LF: - r->uri_end = p; - r->http_minor = 9; - goto done; #if (NGX_WIN32) case '\\': r->complex_uri = 1; @@ -615,10 +607,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) r->http_minor = 9; state = sw_almost_done; break; - case LF: - r->uri_end = p; - r->http_minor = 9; - goto done; case '#': r->complex_uri = 1; break; @@ -639,9 +627,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) r->http_minor = 9; state = sw_almost_done; break; - case LF: - r->http_minor = 9; - goto done; case 'H': r->http_protocol.data = p; state = sw_http_H; @@ -769,8 +754,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) case CR: state = sw_almost_done; break; - case LF: - goto done; default: return NGX_HTTP_PARSE_INVALID_REQUEST; }