CVSROOT:	/cvs
Module name:	src
Changes by:	j...@cvs.openbsd.org	2015/04/18 03:27:54

Modified files:
	usr.sbin/httpd : server_http.c

Log message:
Regis Leroy reported that httpd does not strictly accept CRLF for
newlines which could lead to http response splitting/smuggling if a
badly behaved proxy is in front of httpd. Switch from
evbuffer_readline() to evbuffer_readln() with
EVBUFFER_EOL_CRLF_STRICT to avoid this.

ok florian@
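
The following is an added illustration, not part of the commit mail and not code from httpd or libevent. It is a simplified model of the two line-ending policies the log message contrasts, run over a constructed header block in which one value contains a bare LF; the names next_line, count_header_lines, eol_mode and sample are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

enum eol_mode { EOL_LENIENT, EOL_CRLF_STRICT };

/* Find the next line in b[0..len). On success returns 1 and sets *linelen
 * (payload bytes) and *used (payload plus terminator bytes). */
static int next_line(const char *b, size_t len, enum eol_mode mode,
    size_t *linelen, size_t *used)
{
	for (size_t i = 0; i < len; i++) {
		int cr = b[i] == '\r', lf = b[i] == '\n';
		char nx = i + 1 < len ? b[i + 1] : 0;
		if (mode == EOL_CRLF_STRICT && !(cr && nx == '\n'))
			continue;	/* strict: only "\r\n" ends a line */
		if (!cr && !lf)
			continue;
		*linelen = i;
		/* lenient: CR, LF, CRLF and LFCR are all accepted as one EOL */
		*used = i + 1 + ((cr && nx == '\n') || (lf && nx == '\r'));
		return 1;
	}
	return 0;
}

/* Count request/header lines up to the empty line that ends the header. */
size_t count_header_lines(const char *buf, enum eol_mode mode)
{
	size_t len = strlen(buf), off = 0, linelen, used, n = 0;

	while (next_line(buf + off, len - off, mode, &linelen, &used)) {
		off += used;
		if (linelen == 0)
			break;		/* blank line: end of header block */
		n++;
	}
	return n;
}

/* Constructed sample: the X-Note value contains a bare LF, no CR. */
const char sample[] = "GET / HTTP/1.1\r\nHost: example.test\r\n"
    "X-Note: a\nX-Other: b\r\n\r\n";

int main(void)
{
	printf("strict=%zu lenient=%zu\n", count_header_lines(sample, EOL_CRLF_STRICT),
	    count_header_lines(sample, EOL_LENIENT));
	return 0;
}
```

The strict reader keeps the bare LF inside the X-Note value, so it agrees with a front end that splits only on CRLF; the lenient reader sees one more header line than that front end forwarded, which is the disagreement the change closes.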