diff options
| -rw-r--r-- | src/libmdsserver/mds-message.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libmdsserver/mds-message.c b/src/libmdsserver/mds-message.c index a5b9b95..d616355 100644 --- a/src/libmdsserver/mds-message.c +++ b/src/libmdsserver/mds-message.c @@ -18,6 +18,7 @@ #include "mds-message.h" #include "macros.h" +#include "util.h" #include <stdlib.h> #include <string.h> @@ -179,7 +180,7 @@ static int get_payload_length(mds_message_t* restrict this) /** - * Verify that a header is correctly formated + * Verify that a header is correctly formatted * * @param header The header, must be NUL-terminated * @param length The length of the header @@ -189,6 +190,11 @@ static int __attribute__((pure)) validate_header(const char* header, size_t leng { char* p = memchr(header, ':', length * sizeof(char)); + if (verify_utf8(header, 0) < 0) + /* Either the string is not UTF-8, or your are under an UTF-8 attack, + lets just call this unrecoverable because the client will not correct. */ + return -2; + if ((p == NULL) || /* Buck you, rawmemchr should not segfault the program. */ (p[1] != ' ')) /* Also an invalid format. ' ' is mandated after the ':'. */ return -2; |