From: Niels Provos <provos@gmail.com>
Date: Mon, 6 Aug 2007 21:00:49 +0000 (+0000)
Subject: add a proper test for filtering new lines in headers
X-Git-Tag: release-2.0.1-alpha~600
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cd6dd9516d8bd7a7b94bf7a9ed6f5e63643b7c34;p=libevent

add a proper test for filtering new lines in headers


svn:r384
---

diff --git a/http.c b/http.c
index 2ecf7bdc..ebdfbf0e 100644
--- a/http.c
+++ b/http.c
@@ -1124,7 +1124,8 @@ evhttp_add_header(struct evkeyvalq *headers,
 
 	event_debug(("%s: key: %s val: %s\n", __func__, key, value));
 
-	if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL) {
+	if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL ||
+	    strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
 		/* drop illegal headers */
 		event_debug(("%s: dropping illegal header\n"));
 		return (-1);
diff --git a/test/regress_http.c b/test/regress_http.c
index 2553ada9..a272f6fd 100644
--- a/test/regress_http.c
+++ b/test/regress_http.c
@@ -723,9 +723,41 @@ http_highport_test(void)
 	exit(1);
 }
 
+void
+http_bad_header_test()
+{
+	struct evkeyvalq headers;
+
+	fprintf(stdout, "Testing HTTP Header filtering: ");
+
+	TAILQ_INIT(&headers);
+
+	if (evhttp_add_header(&headers, "One", "Two") != 0)
+		goto fail;
+	
+	if (evhttp_add_header(&headers, "One\r", "Two") != -1)
+		goto fail;
+
+	if (evhttp_add_header(&headers, "One\n", "Two") != -1)
+		goto fail;
+
+	if (evhttp_add_header(&headers, "One", "Two\r") != -1)
+		goto fail;
+
+	if (evhttp_add_header(&headers, "One", "Two\n") != -1)
+		goto fail;
+
+	fprintf(stdout, "OK\n");
+	return;
+fail:
+	fprintf(stdout, "FAILED\n");
+	exit(1);
+}
+
 void
 http_suite(void)
 {
+	http_bad_header_test();
 	http_basic_test();
 	http_connection_test(0 /* not-persistent */);
 	http_connection_test(1 /* persistent */);