HTTP parser: restricting allowed characters in fields values.

According to RFC 7230 only printable 7-bit ASCII characters are allowed in field values.
author: Valentin Bartenev <vbart@nginx.com> 2018-03-15 21:07:56 +0300
committer: Valentin Bartenev <vbart@nginx.com> 2018-03-15 21:07:56 +0300
commit: 3d2f85d9ca66aecaf1c46a818998a27f99f755e2 (patch)
tree: e1afdc588ab1d5d1428893d6baaf5aa407097f1f /src/nxt_http_parse.c
parent: 5a003df1fedc45ba091e947a9d7b7f2351d6edb6 (diff)
download: unit-3d2f85d9ca66aecaf1c46a818998a27f99f755e2.tar.gz
unit-3d2f85d9ca66aecaf1c46a818998a27f99f755e2.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/src/nxt_http_parse.c b/src/nxt_http_parse.c
index f8249abb..95127569 100644
--- a/src/nxt_http_parse.c
+++ b/src/nxt_http_parse.c
@@ -679,7 +679,8 @@ nxt_http_lookup_field_end(u_char *p, u_char *end)
 
 #define nxt_field_end_test_char(ch)                                           \
                                                                               \
-        if (nxt_slow_path((ch) < 0x10)) {                                     \
+        /* Values below 0x20 become more than 0xdf. */                        \
+        if (nxt_slow_path((u_char) ((ch) - 0x20) > 0x5e)) {                   \
             return &(ch);                                                     \
         }
author	Valentin Bartenev <vbart@nginx.com>	2018-03-15 21:07:56 +0300
committer	Valentin Bartenev <vbart@nginx.com>	2018-03-15 21:07:56 +0300
commit	3d2f85d9ca66aecaf1c46a818998a27f99f755e2 (patch)
tree	e1afdc588ab1d5d1428893d6baaf5aa407097f1f /src/nxt_http_parse.c
parent	5a003df1fedc45ba091e947a9d7b7f2351d6edb6 (diff)
download	unit-3d2f85d9ca66aecaf1c46a818998a27f99f755e2.tar.gz unit-3d2f85d9ca66aecaf1c46a818998a27f99f755e2.tar.bz2