Skip to content

Commit

Permalink
FISH-9690: adding validation to prevent LF character on Header Value …
Browse files Browse the repository at this point in the history
…content
  • Loading branch information
breakponchito committed Dec 11, 2024
1 parent 9c57a2c commit 1426931
Showing 1 changed file with 11 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -849,6 +849,11 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, final HeaderP
parsingState.offset = offset + 2 - arrayOffs;
return -2;
} else {
final byte b3 = input[offset - 1];
if (!(b3 == Constants.CR) && isStrictHeaderValueValidationSet) {
throw new IllegalStateException(
"An invalid character 0x" + Integer.toHexString(b) + " was found in the header value");
}
parsingState.offset = offset + 1 - arrayOffs;
finalizeKnownHeaderValues(httpHeader, parsingState, input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2);
parsingState.headerValueStorage.setBytes(input, arrayOffs + parsingState.start, arrayOffs + parsingState.checkpoint2);
Expand Down Expand Up @@ -1139,6 +1144,12 @@ protected static int parseHeaderValue(final HttpHeader httpHeader, final HeaderP
parsingState.offset = offset + 2;
return -2;
} else {
final byte b3 = input.get(offset - 1);
if (!(b3 == Constants.CR) && isStrictHeaderValueValidationSet) {
throw new IllegalStateException(
"An invalid character 0x" + Integer.toHexString(b) + " was found in the header value");
}

parsingState.offset = offset + 1;
finalizeKnownHeaderValues(httpHeader, parsingState, input, parsingState.start, parsingState.checkpoint2);
parsingState.headerValueStorage.setBuffer(input, parsingState.start, parsingState.checkpoint2);
Expand Down

0 comments on commit 1426931

Please sign in to comment.