git
/
nginx
mirror of https://github.com/nginx/nginx.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

check invalid characters in header field-name

This commit is contained in:
sajad 2025-10-19 12:52:09 +03:30
parent 78d1ab5a2c
commit 224b9a3978
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/http/ngx_http_parse.c
View File

@ -959,7 +959,17 @@ ngx_http_parse_header_line(ngx_http_request_t *r, ngx_buf_t *b,
break; break;
} }
if (ch <= 0x20 || ch == 0x7f) { if (ch <= 0x20
|| ch == 0x22
|| ch == 0x28
|| ch == 0x29
|| ch == 0x2c
|| ch == 0x2f
|| (ch >= 0x3b && ch <= 0x40)
|| (ch >= 0x5b && ch <= 0x5d)
|| ch == 0x7b
|| ch == 0x7d
) {
r->header_end = p; r->header_end = p;
return NGX_HTTP_PARSE_INVALID_HEADER; return NGX_HTTP_PARSE_INVALID_HEADER;
} }