From: Daniel Stenberg
Date: Wed, 16 Mar 2022 22:12:28 +0000 (+0100)
Subject: http: reject header contents with nul bytes
X-Git-Tag: curl-7_83_0~147
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=526e0ef4cbf88852f957506306aee51ff56e548f;p=thirdparty%2Fcurl.git
http: reject header contents with nul bytes
They are not allowed by the protocol and allowing them risk that curl misbehaves somewhere where C functions are used but won't work on the full contents. Further, they are not supported by hyper and they cause problems for the new coming headers API work. Updated test 262 to verify and enabled it for hyper as well
Closes #8601
---
diff --git a/lib/http.c b/lib/http.c
index 799d4fb457..bc030ddb7f 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -4283,6 +4283,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
 }
 }
+ end_ptr = memchr(headp, 0x00, Curl_dyn_len(&data->state.headerb));
+ if(end_ptr) {
+ /* this is bad, bail out */
+ failf(data, "Nul byte in header");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+
 result = Curl_http_header(data, conn, headp);
 if(result)
 return result;
diff --git a/tests/data/test262 b/tests/data/test262
index 43994b05fe..d119d66723 100644
Binary files a/tests/data/test262 and b/tests/data/test262 differ
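Review bot: The added `memchr()` call in lib/http.c takes its start pointer from `headp` but its length from `Curl_dyn_len(&data->state.headerb)`, so the scan stays in bounds only if `headp` still points at the first byte of that buffer. The assignment of `headp` is outside the hunk, as is the rest of Curl_http_readwrite_headers, so this cannot be confirmed from here. Taking both from the same object, `memchr(Curl_dyn_ptr(&data->state.headerb), 0x00, Curl_dyn_len(&data->state.headerb))`, would keep that invariant local to the check. The comment `/* this is bad, bail out */` should give the reason, for example `/* an embedded nul would make later C string handling see a truncated header; reject the response */`. `end_ptr` is also used here only as a found/not-found flag, which its name does not suggest.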