TS-4043 Prevent bogus FQDN characters in host header#356
Closed
danobi wants to merge 3 commits intoapache:masterfrom
Closed
TS-4043 Prevent bogus FQDN characters in host header#356danobi wants to merge 3 commits intoapache:masterfrom
danobi wants to merge 3 commits intoapache:masterfrom
Conversation
Validate the host header string to prevent malformed hostnames from being let in.
proxy/hdrs/HTTP.cc
Outdated
Member
There was a problem hiding this comment.
What about colons for IPv6 addresses?
Contributor
|
Can you extract the guts of Are you sure that the the return value of |
Member
|
James - so split out The use of |
Contributor
yup |
Was missing a few characters, specifically the ones for IPv6
Split out host header checking code into `validate_hdr_field()` so that a regression test for invalid FQDNs could be added.
SolidWallOfCode
pushed a commit
to SolidWallOfCode/trafficserver
that referenced
this pull request
Feb 1, 2017
YTSATS-1101: ATS handling of too many concurrent streams too agressive
maskit
pushed a commit
to maskit/trafficserver
that referenced
this pull request
Feb 2, 2017
* asf/master: (392 commits) Doh, chomp does not trim WS ... Make sure any trailing WS is removed from the Jira summary Change the changelog.pl script to use /usr/bin/env to find perl TS-4089: clang-format [TS-4091] addressing internal headers This close apache#387. TS-4089: Fixed coverity issues in parent selection. TS-4074: Escape backslashes in user/group/machine name TS-4043: Prevent bogus FQDN characters in host header This close apache#356. TS-3418: clang-format This closes apache#190. This closes apache#321. TS-4071: Unused mutex Diags::rotate_lock TS-3418: Various style fixes. TS-3418: Refactored parent selection to add a secondary parent consistent hash ring. This closes apache#368. TS-4084: Empty README.md file TS-4079: Support for arbitrary esi vars through HTTP request headers. This closes apache#378 TS-3944: Add documentation for TSHttpTxnServerAddrSet to clarify when it must be called. This close apache#385. Clang format. TS-3908: Fix clang errors in WCCP. ...
bneradt
pushed a commit
to bneradt/trafficserver
that referenced
this pull request
Nov 19, 2020
moonchen
pushed a commit
to moonchen/trafficserver
that referenced
this pull request
Jul 26, 2022
…pache#356) * Add autest to cover updates to cache with alternates * remove trailing line(autopep8) * add comments describing the requests * reduce delay and max-age on test * set cache object size to zero when incoming content length is zero * add demystifying comment Co-authored-by: Chris McFarlen <cmcfarlen@apple.com> (cherry picked from commit 4c5b182) Co-authored-by: Chris McFarlen <chris@mcfarlen.us>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Validate the host header string to prevent malformed hostnames from being let in.