aboutsummaryrefslogtreecommitdiffstats
path: root/src/libmdsserver/mds-message.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libmdsserver/mds-message.c')
-rw-r--r--src/libmdsserver/mds-message.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libmdsserver/mds-message.c b/src/libmdsserver/mds-message.c
index a5b9b95..d616355 100644
--- a/src/libmdsserver/mds-message.c
+++ b/src/libmdsserver/mds-message.c
@@ -18,6 +18,7 @@
#include "mds-message.h"
#include "macros.h"
+#include "util.h"
#include <stdlib.h>
#include <string.h>
@@ -179,7 +180,7 @@ static int get_payload_length(mds_message_t* restrict this)
/**
- * Verify that a header is correctly formated
+ * Verify that a header is correctly formatted
*
* @param header The header, must be NUL-terminated
* @param length The length of the header
@@ -189,6 +190,11 @@ static int __attribute__((pure)) validate_header(const char* header, size_t leng
{
char* p = memchr(header, ':', length * sizeof(char));
+ if (verify_utf8(header, 0) < 0)
+ /* Either the string is not UTF-8, or your are under an UTF-8 attack,
+ lets just call this unrecoverable because the client will not correct. */
+ return -2;
+
if ((p == NULL) || /* Buck you, rawmemchr should not segfault the program. */
(p[1] != ' ')) /* Also an invalid format. ' ' is mandated after the ':'. */
return -2;
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-10 07:50:37 +0000