author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-03 15:44:12 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-03 15:44:12 +0300 |
commit | bcdff026967469e6c9cd1a22db80721712586a8e (patch) | |
tree | 129e6f6776144ada4a2c02deb3330dc912a24ee7 /src/microhttpd/connection.c | |
parent | 8aa7d23219052cde065b93adf04c5ded067a1fea (diff) | |
Disallow binary zero in header and cookies.
Diffstat (limited to 'src/microhttpd/connection.c')
-rw-r--r-- | src/microhttpd/connection.c | 23 |
1 files changed, 13 insertions, 10 deletions
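--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -714,12 +714,10 @@ MHD_get_connection_values (struct MHD_Connection *connection,
 
 
 /**
-* This function can be used to add an entry to the HTTP headers of a
-* connection (so that the #MHD_get_connection_values function will
-* return them -- and the `struct MHD_PostProcessor` will also see
-* them). This maybe required in certain situations (see Mantis
-* #1399) where (broken) HTTP implementations fail to supply values
-* needed by the post processor (or other parts of the application).
+* This function can be used to add an arbitrary entry to connection.
+* This function could add entry with binary zero, which is allowed
+* for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is
+* recommended to use #MHD_set_connection_value.
 *
 * This function MUST only be called from within the
 * #MHD_AccessHandlerCallback (otherwise, access maybe improperly
@@ -731,10 +729,10 @@ MHD_get_connection_values (struct MHD_Connection *connection,
 * @param connection the connection for which a
 * value should be set
 * @param kind kind of the value
-* @param key key for the value
-* @param key_size number of bytes in @a key (excluding 0-terminator for C-strings)
-* @param value the value itself
-* @param value_size number of bytes in @a value (excluding 0-terminator for C-strings)
+* @param key key for the value, must be zero-terminated
+* @param key_size number of bytes in @a key (excluding 0-terminator)
+* @param value the value itself, must be zero-terminated
+* @param value_size number of bytes in @a value (excluding 0-terminator)
 * @return #MHD_NO if the operation could not be
 * performed due to insufficient memory;
 * #MHD_YES on success
@@ -750,6 +748,11 @@ MHD_set_connection_value_n (struct MHD_Connection *connection,
 {
 struct MHD_HTTP_Header *pos;
 
+if ( (MHD_GET_ARGUMENT_KIND != kind) &&
+( (strlen(key) != key_size) ||
+(strlen(value) != value_size) ) )
+return MHD_NO; /* binary zero is allowed only in GET arguments */
+
 pos = MHD_pool_allocate (connection->pool,
 sizeof (struct MHD_HTTP_Header),
 MHD_YES);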
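Review bot: The new guard at the top of MHD_set_connection_value_n calls `strlen(key)` and `strlen(value)` unconditionally for every kind other than MHD_GET_ARGUMENT_KIND, so a NULL key or value would be dereferenced before the length comparison; whether any caller passes NULL (for example for a header or cookie without a value) is not visible in this hunk and should be checked. A NULL-tolerant form such as `((NULL != value) ? strlen (value) : 0) != value_size`, and the same for `key`, keeps the embedded-zero rejection without that risk. The `@return` text in the second hunk still gives insufficient memory as the only reason for #MHD_NO; it should also state that #MHD_NO is returned when a non-GET key or value contains a binary zero, so callers do not report a rejected input as an allocation failure. The function body continues past the end of the last hunk.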