Check for illegal characters in http header

2020-12-23 18:29:38 +01:00
parent fbd9a2667f
commit 463568182d
2 changed files with 9 additions and 0 deletions
--- a/src/client.c
+++ b/src/client.c
@ -84,6 +84,8 @@ int client_request_handler(sock *client, int req_num) {
            sprintf(err_msg, "Unable to parse header: Invalid method.");
        } else if (ret == 3) {
            sprintf(err_msg, "Unable to parse header: Invalid version");
+        } else if (ret == 4) {
+            sprintf(err_msg, "Unable to parse header: Header contains illegal characters");
        }
        res.status = http_get_status(400);
        goto respond;
--- a/src/http.c
+++ b/src/http.c
@ -71,6 +71,13 @@ int http_receive_request(sock *client, http_req *req) {
            return -1;
        }

+        for (int i = 0; i < rcv_len; i++) {
+            if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
+                print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
+                return 4;
+            }
+        }
+
        ptr = buf;
        while (rcv_len != (ptr - buf)) {
            pos0 = memchr(ptr, '\r', rcv_len - (ptr - buf));