On Sat, 04 Feb 2012 00:06:45 +0100, Ángel González wrote:
> On 03/02/12 21:44, Ángel González wrote:
>> On 03/02/12 15:01, Gustavo Lopes wrote:
>>> I've committed a different version that also forbids \0 (since, as
>>> Stefan says, a NUL byte can result in the truncation of the rest of
>>> the header) and that accepts a CRLF:
>>> http://svn.php.net/viewvc/php/php-src/trunk/main/SAPI.c?r1=323043&r2=323042&pathrev=323043
>> Looks good. But given that the goal is to make this robust, I would
>> go further:
>> a) Replace any CRLF + [ \r] with SP
>> (rfc2616 allows us "A recipient MAY replace any linear white space
>> with a single SP before forwarding the message downstream.", and
>> this also protects UAs not following the spec)
>> b) Bail out on any header_line[i] < ' ' (ie. fail on any special
>> char)
> I've gone ahead and written code for that feature. Comments welcome.

The comparison has a problem: if char is signed (the most common
scenario), you'll be making a signed comparison, so any character over
0x7f will match (if it's an unsigned char, though, it will work, because
of the integer promotions and usual arithmetic conversions). It suffices
to replace ' ' with 0x20U.
Other than that, I am a little uncertain about the impact this
strictness could have on current applications, even if correct.
--
Gustavo Lopes
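
The signedness point raised in the reply above, as an added example that is not part of the original thread or of PHP's source. The function names and sample header lines are constructed for illustration, and `signed char` is used explicitly so the result does not depend on the platform's choice for plain `char`.

```c
#include <stddef.h>
#include <stdio.h>

/* Comparison as proposed: c promotes to int, so bytes 0x80..0xFF
 * (negative in a signed char) also compare below ' '. */
static int is_ctl_signed_cmp(signed char c) { return c < ' '; }

/* With the constant from the reply: c is converted to unsigned int,
 * negative values become huge, and only 0x00..0x1F match. */
static int is_ctl_unsigned_cmp(signed char c) { return c < 0x20U; }

typedef int (*ctl_fn)(signed char);

/* Hypothetical validator: 1 if no byte of the line is flagged, else 0.
 * Reading through signed char models a platform where char is signed. */
static int header_line_ok(const void *line, size_t len, ctl_fn is_ctl)
{
    const signed char *p = line;
    for (size_t i = 0; i < len; i++)
        if (is_ctl(p[i]))
            return 0;
    return 1;
}

/* Constructed sample header lines. */
static const char SAMPLE_LATIN1[] = "X-Name: Caf\xE9";
static const char SAMPLE_SPLIT[]  = "Location: /a\r\nSet-Cookie: x=1";
static const char SAMPLE_NUL[]    = "X-A: b\0c";

int main(void)
{
    const struct { const char *name; const char *s; size_t n; } t[] = {
        { "byte 0xE9",     SAMPLE_LATIN1, sizeof SAMPLE_LATIN1 - 1 },
        { "embedded CRLF", SAMPLE_SPLIT,  sizeof SAMPLE_SPLIT - 1 },
        { "embedded NUL",  SAMPLE_NUL,    sizeof SAMPLE_NUL - 1 },
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-14s signed-cmp ok=%d  unsigned-cmp ok=%d\n", t[i].name,
               header_line_ok(t[i].s, t[i].n, is_ctl_signed_cmp),
               header_line_ok(t[i].s, t[i].n, is_ctl_unsigned_cmp));
    return 0;
}
```

Both variants reject the CRLF and NUL lines; only the signed comparison also rejects the header containing a byte above 0x7f.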