From 463568182d64cd19e15951d9ad0d2f6fefb23bf1 Mon Sep 17 00:00:00 2001
From: Lorenz Stechauner
Date: Wed, 23 Dec 2020 18:29:38 +0100
Subject: [PATCH] Check for illegal characters in http header
---
 src/client.c | 2 ++
 src/http.c | 7 +++++++
 2 files changed, 9 insertions(+)
diff --git a/src/client.c b/src/client.c
index e9398df..6f66a7b 100644
--- a/src/client.c
+++ b/src/client.c
@@ -84,6 +84,8 @@ int client_request_handler(sock *client, int req_num) {
 sprintf(err_msg, "Unable to parse header: Invalid method.");
 } else if (ret == 3) {
 sprintf(err_msg, "Unable to parse header: Invalid version");
+ } else if (ret == 4) {
+ sprintf(err_msg, "Unable to parse header: Header contains illegal characters");
 }
 res.status = http_get_status(400);
 goto respond;
diff --git a/src/http.c b/src/http.c
index fc364f3..db7ee56 100644
--- a/src/http.c
+++ b/src/http.c
@@ -71,6 +71,13 @@ int http_receive_request(sock *client, http_req *req) {
 return -1;
 }

+ for (int i = 0; i < rcv_len; i++) {
+ if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
+ print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
+ return 4;
+ }
+ }
+
 ptr = buf;
 while (rcv_len != (ptr - buf)) {
 pos0 = memchr(ptr, '\r', rcv_len - (ptr - buf));
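Review bot: The new `ret == 4` branch in client_request_handler (src/client.c hunk) extends a chain of bare integer codes whose only definition is the matching `return 4;` added to http_receive_request in the src/http.c hunk, so the two files can drift apart without any compiler diagnostic. A shared enum constant used on both sides, with a name such as `HTTP_ERR_ILLEGAL_CHARS = 4`, would tie the return site to the message. The chain also still has no final `else`; if `err_msg` is not initialised before the chain (not visible in this hunk), a future return code would send whatever the buffer holds in the 400 response, and a fallback `else { sprintf(err_msg, "Unable to parse header"); }` would close that. The function starts and ends outside the hunk.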
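Review bot: The loop added to http_receive_request (src/http.c hunk) exempts every `\r` and `\n`, so a bare CR or bare LF that is not part of a CRLF pair still reaches the header parser. That is the input most likely to make this server and a front-end proxy disagree about where a header line ends. The loop could reject an unpaired byte as well, for example `if (buf[i] == '\n' && (i == 0 || buf[i - 1] != '\r')) return 4;`, with the mirrored test for a `\r` not followed by `\n`. The check also rejects HTAB (0x09), which HTTP permits as whitespace inside field values, so `&& buf[i] != '\t'` probably belongs in the exemption list. The scan covers all `rcv_len` bytes; if the buffer can already hold the start of a request body (the receive code is outside this hunk), binary payloads would be answered with 400, so the scan may need to stop at the end of the header block.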