From: Niels Provos <provos@gmail.com>
Date: Mon, 30 Jul 2007 21:27:33 +0000 (+0000)
Subject: drop illegal header values
X-Git-Tag: release-2.0.1-alpha~611
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d7918e7963db292b49d575fbd3b9c47f4d59c9cf;p=libevent

drop illegal header values


svn:r370
---

diff --git a/http.c b/http.c
index be9421f2..4256cfb5 100644
--- a/http.c
+++ b/http.c
@@ -1115,10 +1115,16 @@ evhttp_remove_header(struct evkeyvalq *headers, const char *key)
 }
 
 int
-evhttp_add_header(struct evkeyvalq *headers, const char *key, const char *value)
+evhttp_add_header(struct evkeyvalq *headers,
+    const char *key, const char *value)
 {
 	struct evkeyval *header;
 
+	if (strchr(value, "\r") != NULL || strchr(value, "\n") != NULL) {
+		/* drop illegal headers */
+		return (-1);
+	}
+
 	header = calloc(1, sizeof(struct evkeyval));
 	if (header == NULL) {
 		event_warn("%s: calloc", __func__);