commit d1ed97b18bc3a7115c060a688be415fdc078bb76
author Maxim Dounin <mdounin@mdounin.ru> Thu Mar 15 11:27:57 2012 +0000
committer Maxim Dounin <mdounin@mdounin.ru> Thu Mar 15 11:27:57 2012 +0000
tree cbda4b24bd9720afebe5522f9178667fd8dd04db
parent eb526b7d7d9ee413b624a78373562183ececa738

Headers with null character are now rejected.

Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.

src/http/ngx_http_parse.c

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 956259e..876a437 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -874,6 +874,10 @@
                     break;
                 }
 
+                if (ch == '\0') {
+                    return NGX_HTTP_PARSE_INVALID_HEADER;
+                }
+
                 r->invalid_header = 1;
 
                 break;
@@ -936,6 +940,10 @@
                 break;
             }
 
+            if (ch == '\0') {
+                return NGX_HTTP_PARSE_INVALID_HEADER;
+            }
+
             r->invalid_header = 1;
 
             break;
@@ -954,6 +962,8 @@
                 r->header_start = p;
                 r->header_end = p;
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             default:
                 r->header_start = p;
                 state = sw_value;
@@ -975,6 +985,8 @@
             case LF:
                 r->header_end = p;
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             }
             break;
 
@@ -988,6 +1000,8 @@
                 break;
             case LF:
                 goto done;
+            case '\0':
+                return NGX_HTTP_PARSE_INVALID_HEADER;
             default:
                 state = sw_value;
                 break;