https: validate header field name

59865335 · Rémi Denis-Courmont · 6faf9066 · 59865335
Commit 59865335 authored Dec 14, 2015 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

modules/access/http/message.c modules/access/http/message.c +14 -0

No files found.
--- a/modules/access/http/message.c
+++ b/modules/access/http/message.c
@@ -47,9 +47,17 @@ struct vlc_http_msg
    struct vlc_http_stream *payload;
 };

+static bool vlc_http_is_token(const char *);
+
 static int vlc_http_msg_vadd_header(struct vlc_http_msg *m, const char *name,
                                    const char *fmt, va_list ap)
 {
+    if (!vlc_http_is_token(name))
+    {   /* Not a valid field name, i.e. not an HTTP token */
+        errno = EINVAL;
+        return -1;
+    }
+
    char *(*h)[2] = realloc(m->headers, sizeof (char *[2]) * (m->count + 1));
    if (unlikely(h == NULL))
        return -1;
@@ -495,6 +503,12 @@ static size_t vlc_http_token_length(const char *str)
    return i;
 }

+static bool vlc_http_is_token(const char *str)
+{
+    size_t len = vlc_http_token_length(str);
+    return len > 0 && str[len] == '\0';
+}
+
 static size_t vlc_http_comment_length(const char *str)
 {   /* IETF RFC7230 §3.2.6 */
    if (*str != '(')