add a proper test for filtering new lines in headers

svn:r384
2025-09-09 12:28:19 -04:00 · 2007-08-06 21:00:49 +00:00 · 2007-08-06 21:00:49 +00:00 · cd6dd9516d
commit cd6dd9516d
parent 073d359061
2 changed files with 34 additions and 1 deletions
--- a/http.c
+++ b/http.c
@ -1124,7 +1124,8 @@ evhttp_add_header(struct evkeyvalq *headers,

 	event_debug(("%s: key: %s val: %s\n", __func__, key, value));

-	if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL) {
+	if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL ||
+	    strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
 		/* drop illegal headers */
 		event_debug(("%s: dropping illegal header\n"));
 		return (-1);
--- a/test/regress_http.c
+++ b/test/regress_http.c
@ -723,9 +723,41 @@ http_highport_test(void)
 	exit(1);
 }

+void
+http_bad_header_test()
+{
+	struct evkeyvalq headers;
+
+	fprintf(stdout, "Testing HTTP Header filtering: ");
+
+	TAILQ_INIT(&headers);
+
+	if (evhttp_add_header(&headers, "One", "Two") != 0)
+		goto fail;
+	
+	if (evhttp_add_header(&headers, "One\r", "Two") != -1)
+		goto fail;
+
+	if (evhttp_add_header(&headers, "One\n", "Two") != -1)
+		goto fail;
+
+	if (evhttp_add_header(&headers, "One", "Two\r") != -1)
+		goto fail;
+
+	if (evhttp_add_header(&headers, "One", "Two\n") != -1)
+		goto fail;
+
+	fprintf(stdout, "OK\n");
+	return;
+fail:
+	fprintf(stdout, "FAILED\n");
+	exit(1);
+}
+
 void
 http_suite(void)
 {
+	http_bad_header_test();
 	http_basic_test();
 	http_connection_test(0 /* not-persistent */);
 	http_connection_test(1 /* persistent */);