Bug 666316 - \000, \r in various malformed headers causes critical warning
Status: RESOLVED FIXED
Product: libsoup
Classification: Core
Component: HTTP Transport
Version: 2.37.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: libsoup-maint@gnome.bugs
Reported: 2011-12-15 19:31 UTC by Simon McVittie
Modified: 2011-12-21 17:01 UTC
Attachments
Avoid assertion failures parsing malformed headers, and test more cases (5.76 KB, patch)
2011-12-15 19:31 UTC, Simon McVittie

Description Simon McVittie 2011-12-15 19:31:07 UTC
Created attachment 203602
Avoid assertion failures parsing malformed headers, and test more cases

Attacking Rygel with a HTTP fuzzer revealed that \000 or \r in various
places could cause a critical warning, although this apparently did not
actually break anything.

I've tried to follow the same policies as the rest of libsoup regarding whether to return 400 Bad Request or just ignore the header, but this is fairly arbitrary...
Comment 1 Simon McVittie 2011-12-15 19:34:46 UTC
(I probably won't be around to apply this patch if it's reviewed over Christmas, so please don't wait for me.)
Comment 2 Dan Winship 2011-12-21 17:01:14 UTC
While looking at the code, I noticed some other pre-existing problems,
and decided I wanted to handle stray CRs differently than you had, so
I ended up committing my own patch (though keeping most of your
tests). Thanks for the patch anyway though.
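
The choice discussed in this report (answer 400 Bad Request, or just ignore the bad header) can be sketched as a length-aware scan that never hands a NUL or stray CR to string functions. This is an added example, not libsoup code and not either patch from this bug; the function name, the sample inputs and the reject/ignore policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { HDR_OK = 0, HDR_BAD_REQUEST = 400 };

/* Constructed sample inputs (not taken from the bug report). */
const char SAMPLE_OK[]       = "Host: example.test\r\nAccept: */*\r\n\r\n";
const char SAMPLE_NUL[]      = "Host: exa\0mple.test\r\n\r\n";
const char SAMPLE_STRAY_CR[] = "Host: example.test\r\nX-Test: a\rb\r\nAccept: */*\r\n\r\n";

/* Policy assumed for this example only:
 *   NUL anywhere in the block      -> reject the request (400)
 *   stray CR, no colon, empty name -> ignore that one header line */
int scan_headers(const char *buf, size_t len, size_t *accepted)
{
    size_t pos = 0;
    *accepted = 0;
    /* Search by length: strchr()/strlen() would stop at the NUL and hide it. */
    if (memchr(buf, '\0', len) != NULL)
        return HDR_BAD_REQUEST;
    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;
        const char *colon;
        pos += n + (nl ? 1 : 0);
        if (nl && n > 0 && line[n - 1] == '\r')
            n--;                       /* CR that belongs to the CRLF terminator */
        if (n == 0)
            break;                     /* blank line: end of the header block */
        if (memchr(line, '\r', n) != NULL)
            continue;                  /* any CR left inside the line is stray */
        colon = memchr(line, ':', n);
        if (colon == NULL || colon == line)
            continue;                  /* no "name:" part */
        (*accepted)++;
    }
    return HDR_OK;
}

int main(void)
{
    size_t n;
    int rc = scan_headers(SAMPLE_STRAY_CR, sizeof SAMPLE_STRAY_CR - 1, &n);
    printf("status=%d accepted=%zu\n", rc, n);
    return 0;
}
```

Passing `sizeof sample - 1` as the length keeps the embedded NUL inside the scanned range, which is the case a NUL-terminated string API would silently truncate.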