CVE-2021-37147
commit
5cad961c87cb07fbb8fa6890685d9878a169378d
Author: Brian Neradt <brian.neradt@gmail.com>
Date: Wed Oct 27 11:29:43 2021 -0500
Fix output '\n' HTTP field line endings (#8460)
This is another attempt to fix what was initially addressed in #8096 but
got backed out via #8305. That more extensive patch was considered too
invasive and potentially risky. This more targeted patch will fix
clients that only send the \n endings but it will force the \r\n line
ending on output.
This was mostly in place except for header lines that get
m_n_v_raw_printable set, which seems to be most header lines. The
addition checks to see if the header line ends in \r\n. If it does not
the m_n_v_raw_printable flag gets cleared and the logic that explicitly
adds the line endings while be invoked on output.
Gbp-Pq: Name 0020-CVE-2021-37147.patch
projects / trafficserver.git / commit