Escape potentially malicious HTTP headers
jcameron committed Sep 5, 2017
1 parent 4b03f57 commit 0c58892
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions web-lib-funcs.pl
Expand Up @@ -2308,7 +2308,7 @@ sub http_download
$h = $main::download_timed_out if ($main::download_timed_out);
if (!ref($h)) {
if ($error) { $$error = $h; return; }
else { &error($h); }
else { &error(&html_escape($h)); }
}
&complete_http_download($h, $dest, $error, $cbfunc, $osdn, $host, $port,
$headers, $ssl, $nocache, $timeout);
Expand Down Expand Up @@ -2337,7 +2337,7 @@ sub complete_http_download
alarm(0);
&close_http_connection($h);
if ($error) { ${$error} = $line; return; }
else { &error("Download failed : $line"); }
else { &error("Download failed : ".&html_escape($line)); }
}
my $rcode = $1;
&$cbfunc(1, $rcode >= 300 && $rcode < 400 ? 1 : 0)
Expand Down Expand Up @@ -2383,7 +2383,8 @@ sub complete_http_download
# Assume relative to same dir .. not handled
&close_http_connection($h);
if ($error) { ${$error} = "Invalid Location header $header{'location'}"; return; }
else { &error("Invalid Location header $header{'location'}"); }
else { &error("Invalid Location header ".
&html_escape($header{'location'})); }
}
else {
&close_http_connection($h);
Expand Down Expand Up @@ -2412,7 +2413,7 @@ sub complete_http_download
if (!&open_tempfile(PFILE, ">$destfile", 1)) {
&close_http_connection($h);
if ($error) { ${$error} = "Failed to write to $destfile : $!"; return; }
else { &error("Failed to write to $destfile : $!"); }
else { &error("Failed to write to ".&html_escape($destfile)." : ".&html_escape("$!")); }
}
binmode(PFILE); # For windows
while(defined($buf = &read_http_connection($h, 1024))) {
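Review bot: Only the `&error(...)` branch is escaped in each of the four hunks; the `$error` out-parameter branch directly above it (`$$error = $h;`, `${$error} = $line;`, `${$error} = "Invalid Location header $header{'location'}";`) still hands back the raw, server-controlled status line and Location header, so any caller that later prints `$$error` into a page must html_escape it itself. That is presumably intended, since the ref path returns data rather than rendering it, but the contract is not stated anywhere visible; a comment where `$error` is described in `http_download` (the sub begins above the first hunk) would make it explicit, e.g. `# $error (if a ref) receives the UNESCAPED server response text; html_escape it before output`. The same note applies to `complete_http_download`, whose body also runs outside these hunks. If `error()` does not escape centrally, any other `&error()` call in this file that interpolates response data would need the same treatment, which cannot be confirmed from these hunks alone.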
