mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-22 04:18:34 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

HTTP: do not allow headers to end with a bare LF

Browse Source 
This is consistent with Node.js.
This commit is contained in:
Demi Marie Obenour 2025-03-16 17:06:02 -04:00
parent bb0a2b9de8
commit bd37faff72
1 changed files with 12 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/http/ngx_http_parse.c
View File

@ -881,9 +881,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
r->header_end = p; r->header_end = p;
state = sw_header_almost_done; state = sw_header_almost_done;
break; break;
case LF:
r->header_end = p;
goto header_done;
default: default:
state = sw_name; state = sw_name;
@ -975,10 +972,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
r->header_end = p; r->header_end = p;
state = sw_almost_done; state = sw_almost_done;
break; break;
case LF:
r->header_start = p;
r->header_end = p;
goto done;
default: default:
if (ch > 0x20 && ch != 0x7f) { if (ch > 0x20 && ch != 0x7f) {
r->header_start = p; r->header_start = p;
@ -1002,9 +995,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
r->header_end = p; r->header_end = p;
state = sw_almost_done; state = sw_almost_done;
break; break;
case LF:
r->header_end = p;
goto done;
default: default:
if (ch > 0x20 && ch != 0x7f) if (ch > 0x20 && ch != 0x7f)
break; break;
@ -1022,8 +1012,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
case CR: case CR:
state = sw_almost_done; state = sw_almost_done;
break; break;
case LF:
goto done;
default: default:
if (ch > 0x20 && ch != 0x7f) { if (ch > 0x20 && ch != 0x7f) {
state = sw_value; state = sw_value;
@ -1036,22 +1024,25 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
/* end of header line */ /* end of header line */
case sw_almost_done: case sw_almost_done:
switch (ch) { if (ch != LF) {
case LF:
goto done;
default:
return NGX_HTTP_PARSE_INVALID_HEADER; return NGX_HTTP_PARSE_INVALID_HEADER;
} }
break;
b->pos = p + 1;
r->state = sw_start;
r->header_hash = hash;
r->lowcase_index = i;
return NGX_OK;
/* end of header */ /* end of header */
case sw_header_almost_done: case sw_header_almost_done:
switch (ch) { if (ch != LF) {
case LF:
goto header_done;
default:
return NGX_HTTP_PARSE_INVALID_HEADER; return NGX_HTTP_PARSE_INVALID_HEADER;
} }
b->pos = p + 1;
r->state = sw_start;
return NGX_HTTP_PARSE_HEADER_DONE;
} }
} }
@ -1061,22 +1052,6 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
r->lowcase_index = i; r->lowcase_index = i;
return NGX_AGAIN; return NGX_AGAIN;
done:
b->pos = p + 1;
r->state = sw_start;
r->header_hash = hash;
r->lowcase_index = i;
return NGX_OK;
header_done:
b->pos = p + 1;
r->state = sw_start;
return NGX_HTTP_PARSE_HEADER_DONE;
} }