diff --git a/lib/cf-h1-proxy.c b/lib/cf-h1-proxy.c index f7974a9931..21ac6da293 100644 --- a/lib/cf-h1-proxy.c +++ b/lib/cf-h1-proxy.c @@ -476,6 +476,12 @@ static CURLcode single_header(struct Curl_cfilter *cf, /* output debug if that is requested */ Curl_debug(data, CURLINFO_HEADER_IN, linep, line_len); + /* a CONNECT response line is handed to the client as a header, so it must + pass the same checks as a regular response header before delivery */ + result = Curl_verify_header(data, linep, line_len); + if(result) + return result; + /* send the header to the callback */ writetype = CLIENTWRITE_HEADER | CLIENTWRITE_CONNECT | (ts->headerlines == 1 ? CLIENTWRITE_STATUS : 0); diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 413f7a1143..a7c293cb20 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -253,7 +253,7 @@ test2064 test2065 test2066 test2067 test2068 test2069 test2070 test2071 \ test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 \ test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 \ test2088 test2089 test2090 test2091 test2092 \ -test2100 test2101 test2102 test2103 test2104 test2105 test2106 \ +test2100 test2101 test2102 test2103 test2104 test2105 test2106 test2107 \ \ test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 \ \ diff --git a/tests/data/test2107 b/tests/data/test2107 new file mode 100644 index 0000000000..8c44044109 --- /dev/null +++ b/tests/data/test2107 @@ -0,0 +1,49 @@ + + + + +HTTP +HTTP CONNECT +HTTP proxy +proxytunnel + + + +# Server-side + + +HTTP/1.1 200 OK +Content-Length: 0 + + + +HTTP/1.1 200 OK%CR +X-Evil: he%hex[%00]hex%llo%CR +%CR + + + +# Client-side + + +http +http-proxy + + +proxy + + +HTTP CONNECT response with a nul byte in a header + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER -p -x http://%HOSTIP:%PROXYPORT + + + +# Verify data after the test has been "shot" + + +8 + + +