http: reject header contents with nul bytes
authorDaniel Stenberg <daniel@haxx.se>
Wed, 16 Mar 2022 22:12:28 +0000 (23:12 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 17 Mar 2022 09:17:31 +0000 (10:17 +0100)
They are not allowed by the protocol, and allowing them risks curl
misbehaving wherever C functions are used that won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the upcoming headers API work.

Updated test 262 to verify and enabled it for hyper as well

Closes #8601

lib/http.c
tests/data/test262

index 799d4fb4577f8e1479c03fbdecb0740c90a05e51..bc030ddb7f3f9655236e73713de6900ccb24b571 100644 (file)
@@ -4283,6 +4283,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
       }
     }
 
+    end_ptr = memchr(headp, 0x00, Curl_dyn_len(&data->state.headerb));
+    if(end_ptr) {
+      /* this is bad, bail out */
+      failf(data, "Nul byte in header");
+      return CURLE_WEIRD_SERVER_REPLY;
+    }
+
     result = Curl_http_header(data, conn, headp);
     if(result)
       return result;
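Review bot: The added `memchr()` takes its pointer from `headp` but its length from `Curl_dyn_len(&data->state.headerb)`, so the scan stays in bounds only if `headp` is the start of that dynbuf and the buffer holds just the current header line. Both are established outside this hunk, so this is presumably true but cannot be confirmed from here; stating that assumption in the comment would guard against a later change to `headp` turning the check into an over-read. The comment `/* this is bad, bail out */` also gives no reason, and something like `/* a nul byte is not allowed in a header and would make the string-based parsing below see only part of the line */` would record why the reply is rejected. Since `end_ptr` is used only as a flag here, `if(memchr(headp, 0x00, Curl_dyn_len(&data->state.headerb))) {` would avoid reusing a variable declared elsewhere in the function.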
index 43994b05fe24a57c3343b0beebc76c08dcff3c32..d119d667232e016cfaadbc4c5b41b763408bf272 100644 (file)
Binary files a/tests/data/test262 and b/tests/data/test262 differ