diff --git a/CHANGELOG.md b/CHANGELOG.md index d71095f9..4ffcba15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Version 76: * Serializer members are not const * serializing file_body is not const * Add file_body_win32 +* Fix parse illegal characters in obs-fold API Changes: diff --git a/include/beast/http/detail/basic_parser.hpp b/include/beast/http/detail/basic_parser.hpp index 6b052389..0c7b4da8 100644 --- a/include/beast/http/detail/basic_parser.hpp +++ b/include/beast/http/detail/basic_parser.hpp @@ -797,6 +797,11 @@ protected: p = parse_token_to_eol(p, last, token_last, ec); if(ec) return; + if(! p) + { + ec = error::bad_value; + return; + } // Look 1 char past the CRLF to handle obs-fold. if(p + 1 > last) { diff --git a/test/http/basic_parser.cpp b/test/http/basic_parser.cpp index 79f7dd07..3c627290 100644 --- a/test/http/basic_parser.cpp +++ b/test/http/basic_parser.cpp @@ -1103,6 +1103,40 @@ public: //-------------------------------------------------------------------------- + void + testFuzz1() + { + error_code ec; + test_parser p; + feed(buf( + "LOCK /%e7lY;/;;%0b8=p/r HTTP/1.1\r\n" + "Accept-Encoding:\r\n" + " \r\n" + "Original-Message-ID: : \r\n" + " D\r\n" + "Resent-Date:\r\n" + "Alt-Svc: \r\n" + "Trailer: \r\n" + "List-ID:k \r\n" + "Alternate-Recipient:\"qJ̼[r\r\n" + "Location: \r\n" + "Accept-Additions: \r\n" + "MMHS-Originator-PLAD: \r\n" + "Original-Sender: \r\n" + "Original-Sender:\r\n" + "PICS-Label:\r\n" + " \r\n" + "If: @P\\Æ\\|E\r\n" + "MMHS-Exempted-Address:\r\n" + "Injection-Info: \r\n" + "Contetn-Length: 0\r\n" + "\r\n" + ), p, ec); + BEAST_EXPECT(ec); + } + + //-------------------------------------------------------------------------- + void run() override { @@ -1122,6 +1156,7 @@ public: testIssue430(); testIssue452(); testIssue496(); + testFuzz1(); } };
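Review bot: The new `if(! p)` guard in basic_parser.hpp has no comment saying what a null return from `parse_token_to_eol` means, and the reason is easy to lose: without the guard the very next statement, `if(p + 1 > last)`, does arithmetic on a null pointer while handling bytes that come straight off the wire. I would add `// null: illegal character in the field value; reject before p is used` above the guard, with the wording confirmed against the helper, whose body is not shown here. Because `ec` is already tested on the line before, the helper appears able to return null with `ec` clear, so any other caller needs the same check; those call sites are outside this hunk and worth confirming, or the helper could set `ec` itself so a caller cannot forget. The enclosing function begins and ends outside the hunk.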
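Review bot: `BEAST_EXPECT(ec)` in testFuzz1 passes on any parse error, so the test would stay green if the obs-fold guard regressed and another malformed line in this fuzzer input tripped a different error first. Pinning the code with `BEAST_EXPECT(ec == error::bad_value);` (assuming that enumerator is visible in this test's scope) ties the test to the check added in basic_parser.hpp. The literal also embeds raw non-ASCII bytes in the `Alternate-Recipient` and `If` lines, so the bytes fed to the parser depend on the source file's encoding; writing them as `\x..` escapes would keep the reproducer stable. A short comment naming the header line that triggers the failure would help the next reader, since the input carries several unrelated oddities.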