diff options
| author | Bert Belder <bertbelder@gmail.com> | 2013-02-07 14:39:47 +0100 |
|---|---|---|
| committer | Bert Belder <bertbelder@gmail.com> | 2013-02-07 14:39:47 +0100 |
| commit | 255bc945c2bad35c01b65e3351337e30372907b4 (patch) | |
| tree | 1b5b5b41faa940256ec31a91cd944c09f5b04b80 /lib/http.js | |
| parent | 13897279ae18445cff77cf17e3337c63cf8ac4fe (diff) | |
| download | android-node-v8-255bc945c2bad35c01b65e3351337e30372907b4.tar.gz android-node-v8-255bc945c2bad35c01b65e3351337e30372907b4.tar.bz2 android-node-v8-255bc945c2bad35c01b65e3351337e30372907b4.zip | |
http: protect against response splitting attacks
This patch is a back-port of 3c293ba.
Closes #4696
Diffstat (limited to 'lib/http.js')
| -rw-r--r-- | lib/http.js | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/http.js b/lib/http.js index aee579aadf..315a9c6a24 100644 --- a/lib/http.js +++ b/lib/http.js @@ -546,6 +546,11 @@ OutgoingMessage.prototype._storeHeader = function(firstLine, headers) { var self = this; function store(field, value) { + // Protect against response splitting. The if statement is there to + // minimize the performance impact in the common case. + if (/[\r\n]/.test(value)) + value = value.replace(/[\r\n]+[ \t]*/g, ''); + messageHeader += field + ': ' + value + CRLF; if (connectionExpression.test(field)) { |