From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 25 Apr 2008 10:39:36 +0000 (+1200)
Subject: Bug 2297: file uploads (RFC1867) fail with "error:double-CR"
X-Git-Tag: SQUID_3_0_STABLE5~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cfa6e0f58e592d48a74ea301eb2a955e1bb9fb8;p=thirdparty%2Fsquid.git

Bug 2297: file uploads (RFC1867) fail with "error:double-CR"

Uses strnstr instead of strstr to limit the scan area
---

diff --git a/src/client_side.cc b/src/client_side.cc
index df75e9d96a..37344a9590 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1919,7 +1919,11 @@ parseHttpRequest(ConnStateData::Pointer & conn, HttpParser *hp, method_t * metho
 
     debugs(33, 3, "parseHttpRequest: end = {" << end << "}");
 
-    if (strstr(req_hdr, "\r\r\n")) {
+    /*
+     * Check that the headers don't have double-CR.
+     * NP: strnstr is required so we don't search any possible binary body blobs.
+     */
+    if ( strnstr(req_hdr, "\r\r\n", req_sz) ) {
         debugs(33, 1, "WARNING: suspicious HTTP request contains double CR");
         xfree(url);
         return parseHttpRequestAbort(conn, "error:double-CR");