Skip to content

Commit

Permalink
Ignore invalid header causing HTTPOXY vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@alanswanson
alanswanson committed Jul 22, 2016
1 parent 4c41067 commit 753dc74
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions cherokee/header.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1125,6 +1125,14 @@ cherokee_header_parse (cherokee_header_t *hdr, cherokee_buffer_t *buffer, cherok
} else
goto unknown;
break;
case 'P':
if (header_equals ("Proxy", header_range, begin, header_len)) {
/* Ignore invalid header causing HTTPOXY vulnerability
*/
ret = ret_ok;
} else
goto unknown;
break;
case 'R':
if (header_equals ("Range", header_range, begin, header_len)) {
ret = add_known_header (hdr, header_range, val_offs, val_len);
Expand Down

0 comments on commit 753dc74

Please sign in to comment.