diff options
author | Erik Dubbelboer <erik@dubbelboer.com> | 2020-04-25 20:54:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-25 20:54:59 +0200 |
commit | 079f39bddceb89b52f80952dd9beed0a8fc331d2 (patch) | |
tree | e16c30b14b4e16a397685a6eada20926fde3bf2b /uri.go | |
parent | Fix integer overflow handling in parseUintBuf() (#789) (diff) | |
download | fasthttp-079f39bddceb89b52f80952dd9beed0a8fc331d2.tar.gz fasthttp-079f39bddceb89b52f80952dd9beed0a8fc331d2.tar.bz2 fasthttp-079f39bddceb89b52f80952dd9beed0a8fc331d2.zip |
Don't allow ASCII control character in URLs (#790)
* Don't allow ASCII control character in URLs
* Add tests
Diffstat (limited to 'uri.go')
-rw-r--r-- | uri.go | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -263,6 +263,10 @@ func (u *URI) Parse(host, uri []byte) { func (u *URI) parse(host, uri []byte, isTLS bool) { u.Reset() + if stringContainsCTLByte(uri) { + return + } + if len(host) == 0 || bytes.Contains(uri, strColonSlashSlash) { scheme, newHost, newURI := splitHostURI(host, uri) u.scheme = append(u.scheme, scheme...) @@ -581,3 +585,14 @@ func (u *URI) parseQueryArgs() { u.queryArgs.ParseBytes(u.queryString) u.parsedQueryArgs = true } + +// stringContainsCTLByte reports whether s contains any ASCII control character. +func stringContainsCTLByte(s []byte) bool { + for i := 0; i < len(s); i++ { + b := s[i] + if b < ' ' || b == 0x7f { + return true + } + } + return false +} |