diff options
author | Valentin Bartenev <vbart@nginx.com> | 2018-01-24 15:02:56 +0300 |
---|---|---|
committer | Valentin Bartenev <vbart@nginx.com> | 2018-01-24 15:02:56 +0300 |
commit | 477e8177b70acb694759e62d830b8a311a736324 (patch) | |
tree | 1e0ca9e93a37daa3110dcd3baa862c604019cdd2 | |
parent | 7e3480b04640ba94a0a94aa95fd9ee5188732b22 (diff) | |
download | unit-477e8177b70acb694759e62d830b8a311a736324.tar.gz unit-477e8177b70acb694759e62d830b8a311a736324.tar.bz2 |
HTTP parser: restricting control chars in header fields values.
This also fixes an infinite loop here (found with honggfuzz).
Diffstat (limited to '')
-rw-r--r-- | src/nxt_http_parse.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/nxt_http_parse.c b/src/nxt_http_parse.c index 975fdd98..7393e19e 100644 --- a/src/nxt_http_parse.c +++ b/src/nxt_http_parse.c @@ -650,9 +650,7 @@ nxt_http_parse_field_value(nxt_http_request_parse_t *rp, u_char **pos, break; } - if (ch == '\0') { - return NXT_HTTP_PARSE_INVALID; - } + return NXT_HTTP_PARSE_INVALID; } if (nxt_fast_path(p != *pos)) { |