From bd37faff7250ab8f61c81500535e2c94e9bd3800 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Sun, 16 Mar 2025 17:06:02 -0400
Subject: [PATCH] HTTP: do not allow headers to end with a bare LF

This is consistent with Node.js.
---
 src/http/ngx_http_parse.c | 49 ++++++++++-----------------------------
 1 file changed, 12 insertions(+), 37 deletions(-)

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 6d2991c38..4fefeba71 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -881,9 +881,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
                 r->header_end = p;
                 state = sw_header_almost_done;
                 break;
-            case LF:
-                r->header_end = p;
-                goto header_done;
             default:
                 state = sw_name;
 
@@ -975,10 +972,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
                 r->header_end = p;
                 state = sw_almost_done;
                 break;
-            case LF:
-                r->header_start = p;
-                r->header_end = p;
-                goto done;
             default:
                 if (ch > 0x20 && ch != 0x7f) {
                     r->header_start = p;
@@ -1002,9 +995,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
                 r->header_end = p;
                 state = sw_almost_done;
                 break;
-            case LF:
-                r->header_end = p;
-                goto done;
             default:
                 if (ch > 0x20 && ch != 0x7f)
                     break;
@@ -1022,8 +1012,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
             case CR:
                 state = sw_almost_done;
                 break;
-            case LF:
-                goto done;
             default:
                 if (ch > 0x20 && ch != 0x7f) {
                     state = sw_value;
@@ -1036,22 +1024,25 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
 
         /* end of header line */
         case sw_almost_done:
-            switch (ch) {
-            case LF:
-                goto done;
-            default:
+            if (ch != LF) {
                 return NGX_HTTP_PARSE_INVALID_HEADER;
             }
-            break;
+
+            b->pos = p + 1;
+            r->state = sw_start;
+            r->header_hash = hash;
+            r->lowcase_index = i;
+            return NGX_OK;
 
         /* end of header */
         case sw_header_almost_done:
-            switch (ch) {
-            case LF:
-                goto header_done;
-            default:
+            if (ch != LF) {
                 return NGX_HTTP_PARSE_INVALID_HEADER;
             }
+
+            b->pos = p + 1;
+            r->state = sw_start;
+            return NGX_HTTP_PARSE_HEADER_DONE;
         }
     }
 
@@ -1061,22 +1052,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
     r->lowcase_index = i;
 
     return NGX_AGAIN;
-
-done:
-
-    b->pos = p + 1;
-    r->state = sw_start;
-    r->header_hash = hash;
-    r->lowcase_index = i;
-
-    return NGX_OK;
-
-header_done:
-
-    b->pos = p + 1;
-    r->state = sw_start;
-
-    return NGX_HTTP_PARSE_HEADER_DONE;
 }