rpms / squid

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-4 c8-stream-4 c8s-stream-4 c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   squid-3.5.20-CVE-2020-15810.patch
Blob Blame History Raw 
diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index ef60c02..ce55a6f 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -12,6 +12,7 @@
 #include "base64.h"
 #include "globals.h"
 #include "http/ContentLengthInterpreter.h"
+#include "base/CharacterSet.h"
 #include "HttpHdrCc.h"
 #include "HttpHdrContRange.h"
 #include "HttpHdrSc.h"
@@ -707,18 +708,6 @@ HttpHeader::parse(const char *header_start, const char *header_end)
             return 0;
         }
 
-
-        if (e->id == HDR_OTHER && stringHasWhitespace(e->name.termedBuf())) {
-            debugs(55, warnOnError, "WARNING: found whitespace in HTTP header name {" <<
-                   getStringPrefix(field_start, field_end) << "}");
-
-            if (!Config.onoff.relaxed_header_parser) {
-                delete e;
-                PROF_stop(HttpHeaderParse);
-                return reset();
-            }
-        }
-
         addEntry(e);
     }
 
@@ -1653,6 +1642,20 @@ HttpHeaderEntry::parse(const char *field_start, const char *field_end)
             return NULL;
     }
 
+    /* RFC 7230 section 3.2:
+     *
+     *  header-field   = field-name ":" OWS field-value OWS
+     *  field-name     = token
+     *  token          = 1*TCHAR
+     */
+    for (const char *pos = field_start; pos < (field_start+name_len); ++pos) {
+        if (!CharacterSet::TCHAR[*pos]) {
+            debugs(55, 2, "found header with invalid characters in " <<
+                   Raw("field-name", field_start, min(name_len,100)) << "...");
+            return nullptr;
+        }
+    }
+
     /* now we know we can parse it */
 
     debugs(55, 9, "parsing HttpHeaderEntry: near '" <<  getStringPrefix(field_start, field_end) << "'");

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation