diff options
| author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-03 15:44:12 +0300 |
|---|---|---|
| committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2019-05-03 15:44:12 +0300 |
| commit | bcdff026967469e6c9cd1a22db80721712586a8e (patch) | |
| tree | 129e6f6776144ada4a2c02deb3330dc912a24ee7 /src/microhttpd/connection.c | |
| parent | 8aa7d23219052cde065b93adf04c5ded067a1fea (diff) | |
| download | libmicrohttpd-bcdff026967469e6c9cd1a22db80721712586a8e.tar.gz libmicrohttpd-bcdff026967469e6c9cd1a22db80721712586a8e.zip | |
Disallow binary zero in header and cookies.
Diffstat (limited to 'src/microhttpd/connection.c')
| -rw-r--r-- | src/microhttpd/connection.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 611d4141..78c36f07 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
| @@ -714,12 +714,10 @@ MHD_get_connection_values (struct MHD_Connection *connection, | |||
| 714 | 714 | ||
| 715 | 715 | ||
| 716 | /** | 716 | /** |
| 717 | * This function can be used to add an entry to the HTTP headers of a | 717 | * This function can be used to add an arbitrary entry to connection. |
| 718 | * connection (so that the #MHD_get_connection_values function will | 718 | * This function could add entry with binary zero, which is allowed |
| 719 | * return them -- and the `struct MHD_PostProcessor` will also see | 719 | * for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is |
| 720 | * them). This maybe required in certain situations (see Mantis | 720 | * recommended to use #MHD_set_connection_value. |
| 721 | * #1399) where (broken) HTTP implementations fail to supply values | ||
| 722 | * needed by the post processor (or other parts of the application). | ||
| 723 | * | 721 | * |
| 724 | * This function MUST only be called from within the | 722 | * This function MUST only be called from within the |
| 725 | * #MHD_AccessHandlerCallback (otherwise, access maybe improperly | 723 | * #MHD_AccessHandlerCallback (otherwise, access maybe improperly |
| @@ -731,10 +729,10 @@ MHD_get_connection_values (struct MHD_Connection *connection, | |||
| 731 | * @param connection the connection for which a | 729 | * @param connection the connection for which a |
| 732 | * value should be set | 730 | * value should be set |
| 733 | * @param kind kind of the value | 731 | * @param kind kind of the value |
| 734 | * @param key key for the value | 732 | * @param key key for the value, must be zero-terminated |
| 735 | * @param key_size number of bytes in @a key (excluding 0-terminator for C-strings) | 733 | * @param key_size number of bytes in @a key (excluding 0-terminator) |
| 736 | * @param value the value itself | 734 | * @param value the value itself, must be zero-terminated |
| 737 | * @param value_size number of bytes in @a value (excluding 0-terminator for C-strings) | 735 | * @param value_size number of bytes in @a value (excluding 0-terminator) |
| 738 | * @return #MHD_NO if the operation could not be | 736 | * @return #MHD_NO if the operation could not be |
| 739 | * performed due to insufficient memory; | 737 | * performed due to insufficient memory; |
| 740 | * #MHD_YES on success | 738 | * #MHD_YES on success |
| @@ -750,6 +748,11 @@ MHD_set_connection_value_n (struct MHD_Connection *connection, | |||
| 750 | { | 748 | { |
| 751 | struct MHD_HTTP_Header *pos; | 749 | struct MHD_HTTP_Header *pos; |
| 752 | 750 | ||
| 751 | if ( (MHD_GET_ARGUMENT_KIND != kind) && | ||
| 752 | ( (strlen(key) != key_size) || | ||
| 753 | (strlen(value) != value_size) ) ) | ||
| 754 | return MHD_NO; /* binary zero is allowed only in GET arguments */ | ||
| 755 | |||
| 753 | pos = MHD_pool_allocate (connection->pool, | 756 | pos = MHD_pool_allocate (connection->pool, |
| 754 | sizeof (struct MHD_HTTP_Header), | 757 | sizeof (struct MHD_HTTP_Header), |
| 755 | MHD_YES); | 758 | MHD_YES); |