http: reject header contents with nul bytes

They are not allowed by the protocol and allowing them risk that curl misbehaves somewhere where C functions are used but won't work on the full contents. Further, they are not supported by hyper and they cause problems for the new coming headers API work. Updated test 262 to verify and enabled it for hyper as well Closes #8601
2022-03-16 23:12:28 +01:00 · 2022-03-16 23:12:28 +01:00 · 526e0ef4cb
commit 526e0ef4cb
parent 22d33956ec
2 changed files with 7 additions and 0 deletions
--- a/lib/http.c
+++ b/lib/http.c
@ -4283,6 +4283,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
      }
    }

+    end_ptr = memchr(headp, 0x00, Curl_dyn_len(&data->state.headerb));
+    if(end_ptr) {
+      /* this is bad, bail out */
+      failf(data, "Nul byte in header");
+      return CURLE_WEIRD_SERVER_REPLY;
+    }
+
    result = Curl_http_header(data, conn, headp);
    if(result)
      return result;
--- a/tests/data/test262
+++ b/tests/data/test262