romenskiy2012/curl

Fork 0

mirror of https://github.com/curl/curl.git synced 2026-06-14 10:55:37 +03:00

Commit graph

Author	SHA1	Message	Date
alhudz	7de0a7e71a	chunked: reject invalid bytes in trailer Trailers are delivered to the application as headers via CLIENTWRITE_TRAILER, but unlike regular response headers they skipped the verify_header() checks, so a server could smuggle a nul byte (or stray CR) into a header reaching CURLOPT_HEADERFUNCTION and curl_easy_header(). Run each assembled trailer line through Curl_verify_header(), the same validation used for normal headers. Covered by the new test 2106. Closes #21896	2026-06-08 13:56:10 +02:00

Author

SHA1

Message

Date

alhudz

7de0a7e71a

chunked: reject invalid bytes in trailer

Trailers are delivered to the application as headers via
CLIENTWRITE_TRAILER, but unlike regular response headers they skipped
the verify_header() checks, so a server could smuggle a nul byte (or
stray CR) into a header reaching CURLOPT_HEADERFUNCTION and
curl_easy_header().

Run each assembled trailer line through Curl_verify_header(), the same
validation used for normal headers.

Covered by the new test 2106.

Closes #21896

2026-06-08 13:56:10 +02:00

1 commit