dovecot-2.2: lib-http: Added asserts to make sure CR or LF can't...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Aug 15 13:01:36 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/8e6d2afb14c5
changeset: 17722:8e6d2afb14c5
user: Timo Sirainen <tss at iki.fi>
date: Fri Aug 15 15:59:17 2014 +0300
description:
lib-http: Added asserts to make sure CR or LF can't be added accidentally to HTTP headers.
diffstat:
src/lib-http/http-server-response.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diffs (13 lines):
diff -r 664afffb22a3 -r 8e6d2afb14c5 src/lib-http/http-server-response.c
--- a/src/lib-http/http-server-response.c Fri Aug 15 15:22:46 2014 +0300
+++ b/src/lib-http/http-server-response.c Fri Aug 15 15:59:17 2014 +0300
@@ -68,6 +68,9 @@
const char *key, const char *value)
{
i_assert(!resp->submitted);
+ i_assert(strchr(key, '\r') == NULL && strchr(key, '\n') == NULL);
+ i_assert(strchr(value, '\r') == NULL && strchr(value, '\n') == NULL);
+
/* mark presence of special headers */
switch (key[0]) {
case 'c': case 'C':
More information about the dovecot-cvs
mailing list