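diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index ef60c02..ce55a6f 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -12,6 +12,7 @@
 #include "base64.h"
 #include "globals.h"
 #include "http/ContentLengthInterpreter.h"
+#include "base/CharacterSet.h"
 #include "HttpHdrCc.h"
 #include "HttpHdrContRange.h"
 #include "HttpHdrSc.h"
@@ -707,18 +708,6 @@ HttpHeader::parse(const char *header_start, const char *header_end)
 return 0;
 }
 
-
- if (e->id == HDR_OTHER && stringHasWhitespace(e->name.termedBuf())) {
- debugs(55, warnOnError, "WARNING: found whitespace in HTTP header name {" <<
- getStringPrefix(field_start, field_end) << "}");
-
- if (!Config.onoff.relaxed_header_parser) {
- delete e;
- PROF_stop(HttpHeaderParse);
- return reset();
- }
- }
-
 addEntry(e);
 }
 
@@ -1653,6 +1642,20 @@ HttpHeaderEntry::parse(const char *field_start, const char *field_end)
 return NULL;
 }
 
+ /* RFC 7230 section 3.2:
+ *
+ * header-field = field-name ":" OWS field-value OWS
+ * field-name = token
+ * token = 1*TCHAR
+ */
+ for (const char *pos = field_start; pos < (field_start+name_len); ++pos) {
+ if (!CharacterSet::TCHAR[*pos]) {
+ debugs(55, 2, "found header with invalid characters in " <<
+ Raw("field-name", field_start, min(name_len,100)) << "...");
+ return nullptr;
+ }
+ }
+
 /* now we know we can parse it */
 
 debugs(55, 9, "parsing HttpHeaderEntry: near '" << getStringPrefix(field_start, field_end) << "'");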
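Review bot: The new field-name check in HttpHeaderEntry::parse() reports a rejected name only at debug level 2, whereas the block removed from HttpHeader::parse() reported whitespace in a name at `warnOnError`; unless the caller logs the null return (not visible in these hunks), a header dropped for a non-token name leaves no trace at default verbosity, and that event is a useful request-smuggling indicator for operators. Consider raising the level of the new `debugs(55, 2, ...)` call, or confirm the caller's warning covers this path. The check also no longer consults `Config.onoff.relaxed_header_parser`, so a comment such as `/* enforced even with relaxed_header_parser: a field-name that is not a token may be interpreted differently by the next hop */` would keep a later change from making it conditional again. `CharacterSet::TCHAR[*pos]` is indexed with a plain `char`; if `operator[]` does not take `unsigned char` (its declaration is not shown), bytes above 0x7F need `static_cast<unsigned char>(*pos)`. The function body starts and ends outside the hunk, so whether an empty name (`name_len == 0`) is rejected before the loop, as `1*TCHAR` requires, could not be checked here.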