[trafficserver] branch 6.2.x updated: Return 400 if there is whitespace after the field name and before the colon

Wed, 18 Jul 2018 12:34:08 -0700 

This is an automated email from the ASF dual-hosted git repository.

sorber pushed a commit to branch 6.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/6.2.x by this push:
     new 9886bb2  Return 400 if there is whitespace after the field name and 
before the colon
9886bb2 is described below

commit 9886bb2fd052f013ba4a8b15634cc6b1015d3b02
Author: Bryan Call <[email protected]>
AuthorDate: Fri Feb 23 14:48:53 2018 -0800

    Return 400 if there is whitespace after the field name and before the
    colon
    
    (cherry picked from commit 08512deb11a610ae7084ce678b19bd637e30b3e1)
    
     Conflicts:
        proxy/hdrs/MIME.cc
---
 proxy/hdrs/HdrTest.cc |  2 +-
 proxy/hdrs/MIME.cc    | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/proxy/hdrs/HdrTest.cc b/proxy/hdrs/HdrTest.cc
index 7cb4198..2219769 100644
--- a/proxy/hdrs/HdrTest.cc
+++ b/proxy/hdrs/HdrTest.cc
@@ -483,7 +483,7 @@ HdrTest::test_mime()
     "continuation: part1\r\n"
     " part2\r\n"
     "scooby: doo\r\n"
-    "scooby : doo\r\n"
+    " scooby: doo\r\n"
     "bar: foo\r\n"
     "\r\n",
   };
diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc
index 4caf5fa..1b449f8 100644
--- a/proxy/hdrs/MIME.cc
+++ b/proxy/hdrs/MIME.cc
@@ -2545,8 +2545,16 @@ mime_parser_parse(MIMEParser *parser, HdrHeap *heap, 
MIMEHdrImpl *mh, const char
     if (!colon)
       continue; // toss away garbage line
     field_name_last = colon - 1;
-    while ((field_name_last >= field_name_first) && is_ws(*field_name_last))
-      --field_name_last;
+    // RFC7230 section 3.2.4:
+    // No whitespace is allowed between the header field-name and colon.  In
+    // the past, differences in the handling of such whitespace have led to
+    // security vulnerabilities in request routing and response handling.  A
+    // server MUST reject any received request message that contains
+    // whitespace between a header field-name and colon with a response code
+    // of 400 (Bad Request).
+    if ((field_name_last >= field_name_first) && is_ws(*field_name_last)) {
+      return PARSE_ERROR;
+    }
 
     // find value first
     field_value_first = colon + 1;

Reply via email to