add a proper test for filtering new lines in headers
authorNiels Provos <provos@gmail.com>
Mon, 6 Aug 2007 21:00:49 +0000 (21:00 +0000)
committerNiels Provos <provos@gmail.com>
Mon, 6 Aug 2007 21:00:49 +0000 (21:00 +0000)
svn:r384

http.c
test/regress_http.c

diff --git a/http.c b/http.c
index 2ecf7bdc5ca52b0396da18650e373d348a4b0f0e..ebdfbf0e71d00a7525862a7cccd2d84f8fc1d166 100644 (file)
--- a/http.c
+++ b/http.c
@@ -1124,7 +1124,8 @@ evhttp_add_header(struct evkeyvalq *headers,
 
        event_debug(("%s: key: %s val: %s\n", __func__, key, value));
 
-       if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL) {
+       if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL ||
+           strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
                /* drop illegal headers */
                event_debug(("%s: dropping illegal header\n"));
                return (-1);
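Review bot: The `event_debug` call inside the rejection branch has a `%s` conversion with no matching argument, so when debug logging is compiled in, the path this commit widens to keys reads a missing vararg, which is undefined behavior. It should read `event_debug(("%s: dropping illegal header\n", __func__));`. Separately, the filter rejects only CR and LF, so a key containing other bytes that are invalid in a field name (a colon or a space, for example) is still accepted; whether that matters depends on how callers build keys, which is not visible here. evhttp_add_header starts and ends outside this hunk.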
index 2553ada9206595294e786f4ebb898686f1aa9899..a272f6fd5d2e88eb1f5104486800ce89b84e86a0 100644 (file)
@@ -723,9 +723,41 @@ http_highport_test(void)
        exit(1);
 }
 
+void
+http_bad_header_test()
+{
+       struct evkeyvalq headers;
+
+       fprintf(stdout, "Testing HTTP Header filtering: ");
+
+       TAILQ_INIT(&headers);
+
+       if (evhttp_add_header(&headers, "One", "Two") != 0)
+               goto fail;
+       
+       if (evhttp_add_header(&headers, "One\r", "Two") != -1)
+               goto fail;
+
+       if (evhttp_add_header(&headers, "One\n", "Two") != -1)
+               goto fail;
+
+       if (evhttp_add_header(&headers, "One", "Two\r") != -1)
+               goto fail;
+
+       if (evhttp_add_header(&headers, "One", "Two\n") != -1)
+               goto fail;
+
+       fprintf(stdout, "OK\n");
+       return;
+fail:
+       fprintf(stdout, "FAILED\n");
+       exit(1);
+}
+
 void
 http_suite(void)
 {
+       http_bad_header_test();
        http_basic_test();
        http_connection_test(0 /* not-persistent */);
        http_connection_test(1 /* persistent */);
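Review bot: http_bad_header_test checks only return codes, so it would still pass if a rejected key or value were appended to the list before -1 is returned; after the rejections it should also confirm nothing was stored, e.g. `if (evhttp_find_header(&headers, "One\r") != NULL) goto fail;`. Every rejected input has its CR or LF as the last byte, so a case with the line break in the middle of the value (constructed sample: `"Two\r\nX-Extra: 1"`) would pin the header-injection shape the filter is meant to stop. The entry added by the first call is never released; calling `evhttp_clear_headers(&headers);` before the `return` keeps leak checkers quiet. The definition should be `http_bad_header_test(void)` to match `http_highport_test(void)` and `http_suite(void)`. http_suite continues past the end of the hunk.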