forked from tiny-http/tiny-http
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Prevent HTTP request smuggling via Header normalization
As identified in RUSTSEC-2020-0031, normalizing the value of a header field (through the use of `str::trim`) can make applications based on this library vulnerable to HTTP request smuggling if the immediate upstream load balancer interprets the malformed header in a different way. This backported patch is based on a PR opened on the main tiny-http repo. [1]

[1]: tiny-http#190
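The normalization problem the commit message describes, as an added example that is not the code from this commit or from tiny-http: a parser that applies `str::trim` accepts header lines that a strict parser rejects, so two hops can disagree about the same request. The function names are hypothetical, the sample lines are constructed, and the strict rules follow the RFC 7230 field syntax (token field name, only SP/HTAB stripped around the value).

```rust
// Added illustration; function names are hypothetical, not tiny-http's API.

/// Lenient parsing: `str::trim` strips every Unicode whitespace character
/// (including \x0b, \x0c and U+00A0), so malformed fields are silently
/// normalized into well-formed ones.
fn parse_lenient(line: &str) -> Option<(String, String)> {
    let (name, value) = line.split_once(':')?;
    Some((name.trim().to_string(), value.trim().to_string()))
}

/// Strict parsing (RFC 7230 section 3.2): the field name must be a non-empty
/// token with no whitespace before the colon; only SP / HTAB is stripped
/// around the value, and any other control character is rejected.
fn parse_strict(line: &str) -> Result<(String, String), &'static str> {
    let (name, value) = line.split_once(':').ok_or("missing colon")?;
    if name.is_empty() || !name.bytes().all(is_token_byte) {
        return Err("invalid field name");
    }
    let value = value.trim_matches(|c| c == ' ' || c == '\t');
    if value.chars().any(|c| c.is_control() && c != '\t') {
        return Err("control character in field value");
    }
    Ok((name.to_string(), value.to_string()))
}

/// RFC 7230 `tchar`: the characters allowed in a header field name.
fn is_token_byte(b: u8) -> bool {
    b.is_ascii_alphanumeric() || b"!#$%&'*+-.^_`|~".contains(&b)
}

fn main() {
    // Constructed sample header lines: one well-formed, two malformed.
    let samples = [
        "Transfer-Encoding: chunked",
        "Transfer-Encoding : chunked",
        "Transfer-Encoding: \x0bchunked",
    ];
    for line in samples {
        println!("{:?}", line);
        println!("  lenient: {:?}", parse_lenient(line));
        println!("  strict:  {:?}", parse_strict(line));
    }
}
```

A server that rejects the two malformed lines with a 400 response never has to guess how the upstream hop framed the request.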
Showing 2 changed files with 32 additions and 1 deletion.