CVSROOT:	/cvs
Module name:	src
Changes by:	mill...@cvs.openbsd.org	2023/11/28 11:36:55

Modified files:
	usr.sbin/relayd: relay_http.c

Log message:
relay_read_http: tighten up header parsing

1) reject headers with embedded NULs
2) reject headers with invalid characters in the name
3) reject Transfer-Encoding with values other than "chunked"
4) reject chunk values containing non-hex characters
5) reject Content-Length values of "+0" or "-0"
6) reject requests without a ' ' and headers without a ':'

Reported by Ben Kallus, OK bluhm@
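
The six checks listed in the log message, sketched as a stand-alone validator. This is an added example, not relayd's code: the function names are hypothetical, and it assumes the RFC 9110 token set for header names, optional whitespace trimmed around values, a case-insensitive "chunked", and no chunk extensions.

```c
#include <string.h>
#include <strings.h>

#define DIGIT "0123456789"
#define ALPHA "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define TCHAR DIGIT ALPHA "!#$%&'*+-.^_`|~"   /* RFC 9110 token characters */

/* True if s[0..n) is non-empty and made only of bytes listed in ok. */
static int only(const char *s, size_t n, const char *ok) {
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\0' || strchr(ok, s[i]) == NULL)
            return 0;
    return n > 0;
}

/* Case-insensitive match of s[0..n) against the whole string want. */
static int name_is(const char *s, size_t n, const char *want) {
    return n == strlen(want) && strncasecmp(s, want, n) == 0;
}

/* Item 6, request half: a request line must contain a ' '. */
int request_line_ok(const char *l, size_t n) {
    return memchr(l, ' ', n) != NULL;
}

/* Item 4: a chunk size is hex digits only (no sign, "0x" or spaces). */
int chunk_size_ok(const char *s, size_t n) {
    return only(s, n, DIGIT "abcdefABCDEF");
}

/* Items 1, 2, 3, 5 and 6 for one header line with its CRLF stripped. */
int header_line_ok(const char *l, size_t n) {
    const char *colon = memchr(l, ':', n), *v;
    size_t nlen, vlen;

    if (memchr(l, '\0', n) != NULL || colon == NULL)
        return 0;                           /* 1: NUL byte, 6: no ':' */
    nlen = (size_t)(colon - l);
    if (!only(l, nlen, TCHAR))
        return 0;                           /* 2: name is not a token */
    v = colon + 1;
    vlen = n - nlen - 1;
    while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
    while (vlen && (v[vlen - 1] == ' ' || v[vlen - 1] == '\t')) vlen--;
    if (name_is(l, nlen, "Transfer-Encoding"))
        return name_is(v, vlen, "chunked"); /* 3 */
    if (name_is(l, nlen, "Content-Length"))
        return only(v, vlen, DIGIT);        /* 5: "+0" and "-0" fail here */
    return 1;
}
```

The line length is passed explicitly because a NUL-terminated string cannot represent item 1: any str* function would stop at the embedded NUL and validate only the prefix.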