HTTPSock: reject CR/LF in AddHeader name/value

AddHeader wrote its arguments straight into the response stream. No
in-tree caller reaches it with attacker-controlled bytes today, but the
public API is exposed to module authors; one bad caller would be a
header-injection bug. Filter at the entry rather than at every caller.
MarkLee131
2026-04-25 10:38:31 +08:00
parent 8566db72dd
commit 04cf89beec
+7
@@ -763,6 +763,13 @@ void CHTTPSock::SetContentType(const CString& sContentType) {
}
void CHTTPSock::AddHeader(const CString& sName, const CString& sValue) {
// Reject CR/LF in either half so we never emit a malformed header or
// give a caller (e.g. a future module) a cheap response-splitting
// primitive. No in-tree caller reaches this with attacker-controlled
// bytes today; this is a defensive guard, not a fix for an existing
// exploit.
if (sName.find_first_of("\r\n") != CString::npos) return;
if (sValue.find_first_of("\r\n") != CString::npos) return;
m_msHeaders[sName] = sValue;
}
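Review bot: The two early returns in AddHeader drop the header silently, and because the function is void a module author who passes a name or value containing CR or LF gets no signal that the header was never set. Consider logging the rejection or returning a bool so the failure is visible to the caller. Separately, the comment says this ensures we "never emit a malformed header", but only "\r\n" is checked: a name containing ':' or a space, or a NUL byte in either half, still reaches m_msHeaders[sName] = sValue. Either narrow the comment to response splitting or also validate sName against the characters allowed in a header field name.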