Browse Source

encode newlines in HTTP headers (fixes #1106)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1723 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.14
Jan Kneschke 15 years ago
parent
commit
a0436cea45
  1. 31
      src/buffer.c
  2. 7
      src/buffer.h
  3. 8
      src/response.c

31
src/buffer.c

@ -729,6 +729,29 @@ const char encoded_chars_hex[] = {
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* F0 - FF */
};
const char encoded_chars_http_header[] = {
/*
0 1 2 3 4 5 6 7 8 9 A B C D E F
*/
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, /* 00 - 0F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 10 - 1F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20 - 2F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30 - 3F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 40 - 4F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 50 - 5F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 60 - 6F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 70 - 7F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 - 8F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 - 9F */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* A0 - AF */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* B0 - BF */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* C0 - CF */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* D0 - DF */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* E0 - EF */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* F0 - FF */
};
int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_encoding_t encoding) {
unsigned char *ds, *d;
@ -759,6 +782,9 @@ int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_
case ENCODING_HEX:
map = encoded_chars_hex;
break;
case ENCODING_HTTP_HEADER:
map = encoded_chars_http_header;
break;
case ENCODING_UNSET:
break;
}
@ -777,6 +803,7 @@ int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_
case ENCODING_MINIMAL_XML:
d_len += 6;
break;
case ENCODING_HTTP_HEADER:
case ENCODING_HEX:
d_len += 2;
break;
@ -812,6 +839,10 @@ int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_
d[d_len++] = hex_chars[((*ds) >> 4) & 0x0F];
d[d_len++] = hex_chars[(*ds) & 0x0F];
break;
case ENCODING_HTTP_HEADER:
d[d_len++] = *ds;
d[d_len++] = '\t';
break;
case ENCODING_UNSET:
break;
}

7
src/buffer.h

@ -87,9 +87,10 @@ typedef enum {
ENCODING_UNSET,
ENCODING_REL_URI, /* for coding a rel-uri (/with space/and%percent) nicely as part of a href */
ENCODING_REL_URI_PART, /* same as ENC_REL_URL plus coding / too as %2F */
ENCODING_HTML, /* & becomes & and so on */
ENCODING_MINIMAL_XML, /* minimal encoding for xml */
ENCODING_HEX /* encode string as hex */
ENCODING_HTML, /* & becomes & and so on */
ENCODING_MINIMAL_XML, /* minimal encoding for xml */
ENCODING_HEX, /* encode string as hex */
ENCODING_HTTP_HEADER /* encode \n with \t\n */
} buffer_encoding_t;
int buffer_append_string_encoded(buffer *b, const char *s, size_t s_len, buffer_encoding_t encoding);

8
src/response.c

@ -66,7 +66,11 @@ int http_response_write_header(server *srv, connection *con) {
BUFFER_APPEND_STRING_CONST(b, "\r\n");
buffer_append_string_buffer(b, ds->key);
BUFFER_APPEND_STRING_CONST(b, ": ");
buffer_append_string_buffer(b, ds->value);
/**
* the value might contain newlines, encode them with at least one white-space
*/
buffer_append_string_encoded(b, CONST_BUF_LEN(ds->value), ENCODING_HTTP_HEADER);
#if 0
log_error_write(srv, __FILE__, __LINE__, "bb",
ds->key, ds->value);
@ -98,7 +102,7 @@ int http_response_write_header(server *srv, connection *con) {
BUFFER_APPEND_STRING_CONST(b, "\r\nServer: " PACKAGE_NAME "/" PACKAGE_VERSION);
} else {
BUFFER_APPEND_STRING_CONST(b, "\r\nServer: ");
buffer_append_string_buffer(b, con->conf.server_tag);
buffer_append_string_encoded(b, CONST_BUF_LEN(con->conf.server_tag), ENCODING_HTTP_HEADER);
}
}

Loading…
Cancel
Save