scan outgoing status line for newlines and controls

covener · covener · commit 38809faac18b · 2026-04-26T16:30:43.000Z
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933359 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
@@ -990,6 +990,11 @@ static apr_status_t validate_status_line(request_rec *r)
             r->status_line = apr_pstrcat(r->pool, r->status_line, " ", NULL);
             return APR_EGENERAL;
         }
+        /* Check for newlines and control characters */
+        if (len > 4 && *ap_scan_http_field_content(r->status_line + 4)) {
+            r->status_line = NULL;
+            return APR_EGENERAL;
+        }
         return APR_SUCCESS;
     }
     return APR_EGENERAL;

Original file line number	Diff line number	Diff line change
`@@ -990,6 +990,11 @@ static apr_status_t validate_status_line(request_rec *r)`
`990`	`990`	`r->status_line = apr_pstrcat(r->pool, r->status_line, " ", NULL);`
`991`	`991`	`return APR_EGENERAL;`
`992`	`992`	`}`
	`993`	`+ /* Check for newlines and control characters */`
	`994`	`+ if (len > 4 && *ap_scan_http_field_content(r->status_line + 4)) {`
	`995`	`+ r->status_line = NULL;`
	`996`	`+ return APR_EGENERAL;`
	`997`	`+ }`
`993`	`998`	`return APR_SUCCESS;`
`994`	`999`	`}`
`995`	`1000`	`return APR_EGENERAL;`