From 3d2f85d9ca66aecaf1c46a818998a27f99f755e2 Mon Sep 17 00:00:00 2001
From: Valentin Bartenev
Date: Thu, 15 Mar 2018 21:07:56 +0300
Subject: HTTP parser: restricting allowed characters in fields values.
According to RFC 7230 only printable 7-bit ASCII characters are allowed in field values.
---
src/nxt_http_parse.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/nxt_http_parse.c')
diff --git a/src/nxt_http_parse.c b/src/nxt_http_parse.c
index f8249abb..95127569 100644
--- a/src/nxt_http_parse.c
+++ b/src/nxt_http_parse.c
@@ -679,7 +679,8 @@ nxt_http_lookup_field_end(u_char *p, u_char *end)
 #define nxt_field_end_test_char(ch) \
 \
- if (nxt_slow_path((ch) < 0x10)) { \
+ /* Values below 0x20 become more than 0xdf. */ \
+ if (nxt_slow_path((u_char) ((ch) - 0x20) > 0x5e)) { \
 return &(ch); \
 }
-- cgit
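Review bot: The new test in `nxt_field_end_test_char` also stops on 0x7f and on every byte from 0x80 to 0xff, but the added comment explains only the wrap-around for values below 0x20. RFC 7230 still lists obs-text (0x80-0xff) in the field-vchar grammar, so this is stricter than the grammar. That is a defensible choice for header parsing, since tolerating control and high bytes is a common source of parser disagreement between front ends and back ends, but the comment should state it. I would spell out the accepted range, e.g. `/* Accept 0x20..0x7e only: bytes below 0x20 wrap above 0xdf, 0x7f..0xff exceed 0x5e. */`. How the caller treats a stop byte other than CR or LF (HTAB, for instance, which was already a stop byte under the old `< 0x10` test) is not visible here, because the macro's uses lie outside the hunk; a test with a 0x09 and a 0x80 byte inside a value would pin the intended outcome.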