drop illegal header values
authorNiels Provos <provos@gmail.com>
Mon, 30 Jul 2007 21:27:33 +0000 (21:27 +0000)
committerNiels Provos <provos@gmail.com>
Mon, 30 Jul 2007 21:27:33 +0000 (21:27 +0000)
svn:r370

http.c

diff --git a/http.c b/http.c
index be9421f2c3d6a66b27c8b12c6fec59df0aefdd26..4256cfb556b2f473f11d275dd3fec1c4de552121 100644 (file)
--- a/http.c
+++ b/http.c
@@ -1115,10 +1115,16 @@ evhttp_remove_header(struct evkeyvalq *headers, const char *key)
 }
 
 int
-evhttp_add_header(struct evkeyvalq *headers, const char *key, const char *value)
+evhttp_add_header(struct evkeyvalq *headers,
+    const char *key, const char *value)
 {
        struct evkeyval *header;
 
+       if (strchr(value, "\r") != NULL || strchr(value, "\n") != NULL) {
+               /* drop illegal headers */
+               return (-1);
+       }
+
        header = calloc(1, sizeof(struct evkeyval));
        if (header == NULL) {
                event_warn("%s: calloc", __func__);
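Review bot: The new CR/LF guard in evhttp_add_header passes string literals as the second argument of strchr(), which takes an `int` character. `strchr(value, "\r")` therefore converts the literal's address to an integer and searches for whatever byte that produces, so a value containing CR or LF is not reliably rejected and the header-splitting case this commit targets can still get through. Use character constants instead: `if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL) {`. The same check is not applied to `key`, which is presumably written to the wire in the same way and would merit the same test. The function body continues past the end of this hunk, so how `key` and `value` are stored is not visible here.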