Actions
Feature #1286
closedlighttpd-1.4.16 dont said 400 if there are NUL chars inside the request header.
ASK QUESTIONS IN Forums:
Description
lighttpd-1.4.16 dont said 400 if there are NUL chars inside the request header.
Example (perl code):
print "HEAD /index.html.bak HTTP/1.0\x00\r\n" .
"Host: verywell\r\n".
"User-Agent: abc\x00def\r\n".
" 0\x00123\r\n" .
"Connection: \x00k\r\n".
"Referer: http://well.com/\r\n".
" \x00lala\r\n".
"\r\n";
the access.log entry locks like this:
127.0.0.1 verywell - [05/Aug/2007:01:26:33 +0200] "HEAD /index.html.bak HTTP/1.0" 200 0 "http://well.com/ " "abcdef 0"
which is not true.
Updated by ralf over 17 years ago
lighttpd likes all characters:
Perl Request Code:
#!/usr/bin/perl -w
use strict;
my $strange;
for my $i (0 .. 255) {
$strange .= chr($i);
}
$strange=~ s/[\r\n]+//g;
my $req = "HEAD /index.html.bak HTTP/1.0" . ("\x00" x 1000) . "\r\n" .
"Host: verywell\r\n".
"User-Agent: abc" . ("\x00" x 50000) ."def\r\n".
" 0\x00123\r\n" .
"Connection: \x00k\r\n".
"Referer: http://well.com/\r\n".
" " . $strange ."lala\r\n".
"\r\n";
for (1 .. 1) {
print $req;
}
Result:
ralf@server_linux:~/http$ perl test.pl | nc localhost 8080 HTTP/1.0 200 OK Connection: close Content-Type: application/octet-stream Accept-Ranges: bytes Content-Length: 5 Date: Sat, 04 Aug 2007 23:49:42 GMT Server: lighttpd/1.4.16
Log-entry:
127.0.0.1 verywell - [05/Aug/2007:01:49:42 +0200] "HEAD /index.html.bak HTTP/1.0" 200 0 "http://well.com/ " "abcdef 0"
Updated by jan over 17 years ago
- Status changed from New to Fixed
- Resolution set to fixed
in r1928 we ban all chars from 0 - 31
Actions
Also available in: Atom