commit c9623549c337f39c6f81a8b25f87f1b1d8265071
parent 9b52a435ef23eef4703e19a8e6c6c3b402f2a1b2
Author: Evgeny Grin (Karlson2k) <k2k@drgrin.dev>
Date: Wed, 31 Dec 2025 18:20:35 +0100
Added check for empty "Host:" value
Diffstat:
3 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/src/include/microhttpd2.h b/src/include/microhttpd2.h
@@ -639,40 +639,45 @@ enum MHD_FIXED_ENUM_MHD_SET_ MHD_StatusCode
MHD_SC_HOST_HEADER_SEVERAL = 40061
,
/**
+ * The value of the "Host:" header is invalid.
+ */
+ MHD_SC_HOST_HEADER_MALFORMED = 40062
+ ,
+ /**
* The given content length was not a number.
*/
- MHD_SC_CONTENT_LENGTH_MALFORMED = 40062
+ MHD_SC_CONTENT_LENGTH_MALFORMED = 40065
,
/**
* Request has more than one "Content-Length:" header with the same value.
*/
- MHD_SC_CONTENT_LENGTH_SEVERAL_SAME = 40063
+ MHD_SC_CONTENT_LENGTH_SEVERAL_SAME = 40066
,
/**
* Request has more than one "Content-Length:" header with the different
* values.
*/
- MHD_SC_CONTENT_LENGTH_SEVERAL_DIFFERENT = 40064
+ MHD_SC_CONTENT_LENGTH_SEVERAL_DIFFERENT = 40067
,
/**
* The BOTH Content-Length and Transfer-Encoding headers are used.
*/
- MHD_SC_CONTENT_LENGTH_AND_TR_ENC = 40065
+ MHD_SC_CONTENT_LENGTH_AND_TR_ENC = 40068
,
/**
* The Content-Length is too large to be handled.
*/
- MHD_SC_CONTENT_LENGTH_TOO_LARGE = 40066
+ MHD_SC_CONTENT_LENGTH_TOO_LARGE = 40069
,
/**
* Transfer encoding in request is unsupported or invalid.
*/
- MHD_SC_TRANSFER_ENCODING_UNSUPPORTED = 40067
+ MHD_SC_TRANSFER_ENCODING_UNSUPPORTED = 40075
,
/**
* "Expect:" value in request is unsupported or invalid.
*/
- MHD_SC_EXPECT_HEADER_VALUE_UNSUPPORTED = 40068
+ MHD_SC_EXPECT_HEADER_VALUE_UNSUPPORTED = 40076
,
/**
* The given uploaded, chunked-encoded body was malformed.
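Review bot: Renumbering the existing codes, from `MHD_SC_CONTENT_LENGTH_MALFORMED` (40062 to 40065) through `MHD_SC_EXPECT_HEADER_VALUE_UNSUPPORTED` (40068 to 40076), changes values in a public header. An application or log parser built against the old numbers would read 40062 as a malformed Content-Length, where the rebuilt library now means a malformed Host. If these values have already shipped, give `MHD_SC_HOST_HEADER_MALFORMED` a number that was never assigned and leave the existing ones unchanged. If the renumbering is deliberate because the API is not yet frozen, say so in the commit message. The gaps this leaves (40063-40064 and 40070-40074) are presumably reserved and could be noted in a comment such as `/* 40063-40064: reserved for further "Host:" errors */`. The identical change is made in src/include/microhttpd2_preamble.h.in.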
diff --git a/src/include/microhttpd2_preamble.h.in b/src/include/microhttpd2_preamble.h.in
@@ -639,40 +639,45 @@ enum MHD_FIXED_ENUM_MHD_SET_ MHD_StatusCode
MHD_SC_HOST_HEADER_SEVERAL = 40061
,
/**
+ * The value of the "Host:" header is invalid.
+ */
+ MHD_SC_HOST_HEADER_MALFORMED = 40062
+ ,
+ /**
* The given content length was not a number.
*/
- MHD_SC_CONTENT_LENGTH_MALFORMED = 40062
+ MHD_SC_CONTENT_LENGTH_MALFORMED = 40065
,
/**
* Request has more than one "Content-Length:" header with the same value.
*/
- MHD_SC_CONTENT_LENGTH_SEVERAL_SAME = 40063
+ MHD_SC_CONTENT_LENGTH_SEVERAL_SAME = 40066
,
/**
* Request has more than one "Content-Length:" header with the different
* values.
*/
- MHD_SC_CONTENT_LENGTH_SEVERAL_DIFFERENT = 40064
+ MHD_SC_CONTENT_LENGTH_SEVERAL_DIFFERENT = 40067
,
/**
* The BOTH Content-Length and Transfer-Encoding headers are used.
*/
- MHD_SC_CONTENT_LENGTH_AND_TR_ENC = 40065
+ MHD_SC_CONTENT_LENGTH_AND_TR_ENC = 40068
,
/**
* The Content-Length is too large to be handled.
*/
- MHD_SC_CONTENT_LENGTH_TOO_LARGE = 40066
+ MHD_SC_CONTENT_LENGTH_TOO_LARGE = 40069
,
/**
* Transfer encoding in request is unsupported or invalid.
*/
- MHD_SC_TRANSFER_ENCODING_UNSUPPORTED = 40067
+ MHD_SC_TRANSFER_ENCODING_UNSUPPORTED = 40075
,
/**
* "Expect:" value in request is unsupported or invalid.
*/
- MHD_SC_EXPECT_HEADER_VALUE_UNSUPPORTED = 40068
+ MHD_SC_EXPECT_HEADER_VALUE_UNSUPPORTED = 40076
,
/**
* The given uploaded, chunked-encoded body was malformed.
diff --git a/src/mhd2/stream_process_request.c b/src/mhd2/stream_process_request.c
@@ -379,6 +379,17 @@
"</html>"
/**
+ * Response text used when the request has more than one "Host:" header.
+ */
+#define ERR_RSP_REQUEST_HAS_MALFORMED_HOST \
+ "<html>" \
+ "<head>" \
+ "<title>Malformed "Host:" header</title></head>" \
+ "<body>" \
+ "Malformed <b>"Host:"</b> header in the request.</body>" \
+ "</html>"
+
+/**
* Response text used when the request has unsupported "Transfer-Encoding:".
*/
#define ERR_RSP_UNSUPPORTED_TR_ENCODING \
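Review bot: The doc comment on `ERR_RSP_REQUEST_HAS_MALFORMED_HOST` looks copied from the several-hosts macro, since it still says the text is used "when the request has more than one "Host:" header". It should read `Response text used when the request has malformed (empty) "Host:" header.` so the comment matches the macro name and its only call site. As rendered on this page the string literals contain bare `"Host:"` quotes, which would end the literal early. This is presumably an entity such as `&quot;` decoded by the page renderer, but it is worth confirming in the file itself.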
@@ -2692,6 +2703,16 @@ mhd_stream_parse_request_headers (struct MHD_Connection *restrict c)
ERR_RSP_REQUEST_HAS_SEVERAL_HOSTS);
return;
}
+ if ((0u == f->field.nv.value.len)
+ && (-3 < c->daemon->req_cfg.strictness))
+ {
+ mhd_LOG_MSG (c->daemon, MHD_SC_HOST_HEADER_MALFORMED, \
+ "Received request with empty 'Host' header.");
+ mhd_RESPOND_WITH_ERROR_STATIC (c,
+ MHD_HTTP_STATUS_BAD_REQUEST,
+ ERR_RSP_REQUEST_HAS_MALFORMED_HOST);
+ return;
+ }
has_host = true;
continue;
}
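Review bot: The threshold in `(-3 < c->daemon->req_cfg.strictness)` is a bare number with no explanation. When strictness is -3 or lower, an empty value falls through to `has_host = true`, so later code that uses Host for routing or URL building sees a zero-length string. A short comment would record that decision, for example `/* Empty "Host:" is tolerated only at strictness <= -3; it then still counts as present */`. The check covers only `value.len == 0`, so the name `MHD_SC_HOST_HEADER_MALFORMED` and the "Malformed" response text promise more than is validated here, unless the value is checked elsewhere. The trailing `\` after `MHD_SC_HOST_HEADER_MALFORMED,` in the `mhd_LOG_MSG` call is outside any macro definition and can be dropped. The body of mhd_stream_parse_request_headers starts and ends outside this hunk.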