CVSROOT: /cvs Module name: src Changes by: [email protected] 2023/11/29 08:35:07
Modified files:
usr.sbin/relayd: relay_http.c
Log message:
relay_read_http: defer header parsing until after line continuation
Wait until we have a complete line before parsing the Content-Length,
Transfer-Encoding and Host headers. This prevents potential request
smuggling attacks. Filtering already happens after header line
continuation has been performed. Reported by Ben Kallus.
OK claudio@
