Commit 439b34f4 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

Don't allow control characters in outgoing name/value pairs

This check is done in spdylay_submit_* family functions and they will
return error if they found control characters.
parent 10c54e44
...@@ -1302,11 +1302,17 @@ ssize_t spdylay_frame_nv_offset(spdylay_frame_type type, uint16_t version) ...@@ -1302,11 +1302,17 @@ ssize_t spdylay_frame_nv_offset(spdylay_frame_type type, uint16_t version)
int spdylay_frame_nv_check_null(const char **nv) int spdylay_frame_nv_check_null(const char **nv)
{ {
size_t i; size_t i, j;
for(i = 0; nv[i]; i += 2) { for(i = 0; nv[i]; i += 2) {
if(nv[i][0] == '\0' || nv[i+1] == NULL) { if(nv[i][0] == '\0' || nv[i+1] == NULL) {
return 0; return 0;
} }
for(j = 0; nv[i][j]; ++j) {
unsigned char c = nv[i][j];
if(c < 0x20 || c > 0x7e) {
return 0;
}
}
} }
return 1; return 1;
} }
...@@ -794,7 +794,8 @@ void spdylay_frame_iv_sort(spdylay_settings_entry *iv, size_t niv); ...@@ -794,7 +794,8 @@ void spdylay_frame_iv_sort(spdylay_settings_entry *iv, size_t niv);
ssize_t spdylay_frame_nv_offset(spdylay_frame_type type, uint16_t version); ssize_t spdylay_frame_nv_offset(spdylay_frame_type type, uint16_t version);
/* /*
* Checks names are not empty string and values are not NULL. * Checks names are not empty string and do not contain control
* characters and values are not NULL.
* *
* This function returns nonzero if it succeeds, or 0. * This function returns nonzero if it succeeds, or 0.
*/ */
......
...@@ -226,6 +226,8 @@ int main(int argc, char* argv[]) ...@@ -226,6 +226,8 @@ int main(int argc, char* argv[])
test_spdylay_frame_unpack_nv_last_empty_value_spdy3) || test_spdylay_frame_unpack_nv_last_empty_value_spdy3) ||
!CU_add_test(pSuite, "frame_nv_set_origin", !CU_add_test(pSuite, "frame_nv_set_origin",
test_spdylay_frame_nv_set_origin) || test_spdylay_frame_nv_set_origin) ||
!CU_add_test(pSuite, "frame_nv_check_null",
test_spdylay_frame_nv_check_null) ||
!CU_add_test(pSuite, "stream_add_pushed_stream", !CU_add_test(pSuite, "stream_add_pushed_stream",
test_spdylay_stream_add_pushed_stream) || test_spdylay_stream_add_pushed_stream) ||
!CU_add_test(pSuite, "client_cert_vector_find", !CU_add_test(pSuite, "client_cert_vector_find",
......
...@@ -986,3 +986,16 @@ void test_spdylay_frame_nv_set_origin(void) ...@@ -986,3 +986,16 @@ void test_spdylay_frame_nv_set_origin(void)
CU_ASSERT(SPDYLAY_ERR_INVALID_ARGUMENT == CU_ASSERT(SPDYLAY_ERR_INVALID_ARGUMENT ==
spdylay_frame_nv_set_origin((char**)nv5, &origin)); spdylay_frame_nv_set_origin((char**)nv5, &origin));
} }
void test_spdylay_frame_nv_check_null(void)
{
const char *headers1[] = { "path", "/", "host", "a", NULL };
const char *headers2[] = { "", "/", "host", "a", NULL };
const char *headers3[] = { "path", "/", "host\x01", "a", NULL };
const char *headers4[] = { "path", "/", "host", NULL, NULL };
CU_ASSERT(spdylay_frame_nv_check_null(headers1));
CU_ASSERT(0 == spdylay_frame_nv_check_null(headers2));
CU_ASSERT(0 == spdylay_frame_nv_check_null(headers3));
CU_ASSERT(0 == spdylay_frame_nv_check_null(headers4));
}
...@@ -55,5 +55,6 @@ void test_spdylay_frame_unpack_nv_check_name_spdy3(void); ...@@ -55,5 +55,6 @@ void test_spdylay_frame_unpack_nv_check_name_spdy3(void);
void test_spdylay_frame_unpack_nv_last_empty_value_spdy2(void); void test_spdylay_frame_unpack_nv_last_empty_value_spdy2(void);
void test_spdylay_frame_unpack_nv_last_empty_value_spdy3(void); void test_spdylay_frame_unpack_nv_last_empty_value_spdy3(void);
void test_spdylay_frame_nv_set_origin(void); void test_spdylay_frame_nv_set_origin(void);
void test_spdylay_frame_nv_check_null(void);
#endif /* SPDYLAY_FRAME_TEST_H */ #endif /* SPDYLAY_FRAME_TEST_H */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment