author | Bert Belder <bertbelder@gmail.com> | 2013-02-07 14:39:47 +0100 |
---|---|---|
committer | Bert Belder <bertbelder@gmail.com> | 2013-02-07 14:39:47 +0100 |
commit | 255bc945c2bad35c01b65e3351337e30372907b4 (patch) | |
tree | 1b5b5b41faa940256ec31a91cd944c09f5b04b80 /lib/http.js | |
parent | 13897279ae18445cff77cf17e3337c63cf8ac4fe (diff) | |
download | node-255bc945c2bad35c01b65e3351337e30372907b4.tar.gz |
http: protect against response splitting attacks
This patch is a back-port of 3c293ba.
Closes #4696
Diffstat (limited to 'lib/http.js')
-rw-r--r-- | lib/http.js | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/http.js b/lib/http.js
index aee579aad..315a9c6a2 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -546,6 +546,11 @@ OutgoingMessage.prototype._storeHeader = function(firstLine, headers) {
 var self = this;
 function store(field, value) {
+ // Protect against response splitting. The if statement is there to
+ // minimize the performance impact in the common case.
+ if (/[\r\n]/.test(value))
+ value = value.replace(/[\r\n]+[ \t]*/g, '');
+
 messageHeader += field + ': ' + value + CRLF;
 if (connectionExpression.test(field)) { |