Headers with null character are now rejected.
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems. They are now unconditionally rejected.
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 956259e..876a437 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -874,6 +874,10 @@
break;
}
+ if (ch == '\0') {
+ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+
r->invalid_header = 1;
break;
@@ -936,6 +940,10 @@
break;
}
+ if (ch == '\0') {
+ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+
r->invalid_header = 1;
break;
@@ -954,6 +962,8 @@
r->header_start = p;
r->header_end = p;
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
default:
r->header_start = p;
state = sw_value;
@@ -975,6 +985,8 @@
case LF:
r->header_end = p;
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
}
break;
@@ -988,6 +1000,8 @@
break;
case LF:
goto done;
+ case '\0':
+ return NGX_HTTP_PARSE_INVALID_HEADER;
default:
state = sw_value;
break;