[vlc-commits] https: validate header field name

Rémi Denis-Courmont git at videolan.org
Mon Dec 14 22:35:08 CET 2015


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Mon Dec 14 22:09:02 2015 +0200| [5986533565668607231587892204e7f01f11c32d] | committer: Rémi Denis-Courmont

https: validate header field name

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=5986533565668607231587892204e7f01f11c32d
---

 modules/access/http/message.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/modules/access/http/message.c b/modules/access/http/message.c
index 6850430..789b961 100644
--- a/modules/access/http/message.c
+++ b/modules/access/http/message.c
@@ -47,9 +47,17 @@ struct vlc_http_msg
     struct vlc_http_stream *payload;
 };
 
+static bool vlc_http_is_token(const char *);
+
 static int vlc_http_msg_vadd_header(struct vlc_http_msg *m, const char *name,
                                     const char *fmt, va_list ap)
 {
+    if (!vlc_http_is_token(name))
+    {   /* Not a valid field name, i.e. not an HTTP token */
+        errno = EINVAL;
+        return -1;
+    }
+
     char *(*h)[2] = realloc(m->headers, sizeof (char *[2]) * (m->count + 1));
     if (unlikely(h == NULL))
         return -1;
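Review bot: The new guard at the top of vlc_http_msg_vadd_header validates only `name`; nothing in the visible lines constrains the value built from `fmt`/`ap`. If the rest of the function (which continues outside this hunk) does not filter it, a CR or LF in a formatted argument could still split the header line when the message is serialised. Consider rejecting a formatted value that contains CR, LF or NUL through the same `errno = EINVAL; return -1;` path, freeing the formatted string first. The function also has a new failure mode that callers cannot distinguish from the allocation failure below without reading `errno`, so a comment above it such as `/* Returns -1 and sets errno to EINVAL if name is not an HTTP token. */` would help.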
@@ -495,6 +503,12 @@ static size_t vlc_http_token_length(const char *str)
     return i;
 }
 
+static bool vlc_http_is_token(const char *str)
+{
+    size_t len = vlc_http_token_length(str);
+    return len > 0 && str[len] == '\0';
+}
+
 static size_t vlc_http_comment_length(const char *str)
 {   /* IETF RFC7230 §3.2.6 */
     if (*str != '(')
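Review bot: vlc_http_is_token has no comment stating its contract, whereas the neighbouring vlc_http_comment_length cites its RFC section. I would add `/* IETF RFC7230 §3.2.6: true if str is exactly one non-empty token */` above the definition. The `str[len] == '\0'` test is in bounds only if vlc_http_token_length stops at the terminating NUL; its body is outside this hunk, so that is worth confirming. A NULL `str` is passed straight through, so the comment should also say that the argument must be non-NULL.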


