Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Http header CR / LF validation #2470

Closed
vietj opened this issue May 23, 2018 · 0 comments
Closed

Http header CR / LF validation #2470

vietj opened this issue May 23, 2018 · 0 comments
Assignees
@vietj

Comments

@vietj
Copy link
Member

vietj commented May 23, 2018

motivation

Currently HttpClientRequest and HttpServerResponse don't check wether header name or value contain \r or \n chars. Of course developers are fully responsible for http headers set and
such incorrect value is likely unintended. Forbidding it prevents HTTP header injection for application that omit to check headers.

change

throw an IllegalArgumentException when a header name or value contains \r or \n char
@vietj vietj self-assigned this May 23, 2018
@vietj vietj changed the title Http header validation Http header CR / LF validation May 23, 2018
vietj added a commit that referenced this issue May 23, 2018
@vietj
Http header CR / LF validation - fixes #2470
2f28612
@vietj vietj closed this as completed in 1bb6445 May 24, 2018
vietj added a commit that referenced this issue May 24, 2018
@vietj
Http header CR / LF validation - fixes #2470
3a65126
@vietj vietj mentioned this issue May 24, 2018
Closed
56 tasks
taikulawo added a commit to taikulawo/Openops that referenced this issue Feb 13, 2019
@taikulawo
修复了Vertx本身的漏洞 eclipse-vertx/vert.x#2470
aac6fe4 
更新的README,现在携带完整的配置文件格式
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vietj vietj

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vietj