This is an automated email from the ASF dual-hosted git repository. sorber pushed a commit to branch 6.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/6.2.x by this push: new 9886bb2 Return 400 if there is whitespace after the field name and before the colon 9886bb2 is described below commit 9886bb2fd052f013ba4a8b15634cc6b1015d3b02 Author: Bryan Call <bc...@apache.org> AuthorDate: Fri Feb 23 14:48:53 2018 -0800 Return 400 if there is whitespace after the field name and before the colon (cherry picked from commit 08512deb11a610ae7084ce678b19bd637e30b3e1) Conflicts: proxy/hdrs/MIME.cc --- proxy/hdrs/HdrTest.cc | 2 +- proxy/hdrs/MIME.cc | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/proxy/hdrs/HdrTest.cc b/proxy/hdrs/HdrTest.cc index 7cb4198..2219769 100644 --- a/proxy/hdrs/HdrTest.cc +++ b/proxy/hdrs/HdrTest.cc @@ -483,7 +483,7 @@ HdrTest::test_mime() "continuation: part1\r\n" " part2\r\n" "scooby: doo\r\n" - "scooby : doo\r\n" + " scooby: doo\r\n" "bar: foo\r\n" "\r\n", }; diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc index 4caf5fa..1b449f8 100644 --- a/proxy/hdrs/MIME.cc +++ b/proxy/hdrs/MIME.cc @@ -2545,8 +2545,16 @@ mime_parser_parse(MIMEParser *parser, HdrHeap *heap, MIMEHdrImpl *mh, const char if (!colon) continue; // toss away garbage line field_name_last = colon - 1; - while ((field_name_last >= field_name_first) && is_ws(*field_name_last)) - --field_name_last; + // RFC7230 section 3.2.4: + // No whitespace is allowed between the header field-name and colon. In + // the past, differences in the handling of such whitespace have led to + // security vulnerabilities in request routing and response handling. A + // server MUST reject any received request message that contains + // whitespace between a header field-name and colon with a response code + // of 400 (Bad Request). + if ((field_name_last >= field_name_first) && is_ws(*field_name_last)) { + return PARSE_ERROR; + } // find value first field_value_first = colon + 1;