
Stripping NUL from the ends of header values #126

Closed
kenballus opened this issue Dec 1, 2023 · 1 comment
Comments

@kenballus
Contributor

WEBrick strips null bytes from the ends of header values. This presents a problem for reverse proxies that attempt to enforce policies about header values and also allow null bytes in header values. At least one popular HTTP proxy server does this.

For example, if I have WEBrick deployed behind a reverse proxy that forwards null bytes in header values, and I add a rule to the reverse proxy to reject all requests with an Evil: evil header, I can bypass the rule by sending the following request:

GET / HTTP/1.1\r\n
Evil: evil\x00\r\n
\r\n

WEBrick should respond 400 to any request containing null bytes in a header value, because it's a violation of the standard, and indicative of a potential attack.
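To make the report concrete, here is an added example (not WEBrick's own code) that models the chain described above: a hypothetical proxy rule that blocks "Evil: evil" but trims only SP/HTAB, in front of a minimal backend header parser that either strips the value with Ruby's String#strip (which also drops trailing NUL bytes) or, in strict mode, refuses any NUL with a 400. The request bytes, the proxy rule and all function names are constructed for illustration.

```ruby
# Added example, not WEBrick's own code: a minimal header parser in two modes,
# placed behind a hypothetical proxy rule, to show why stripping a trailing
# NUL lets a blocked header value reach the backend, and why 400 is the fix.

class BadRequest < StandardError; end

# Constructed request from the report: "Evil: evil" followed by a NUL byte.
CONSTRUCTED_REQUEST = "GET / HTTP/1.1\r\nEvil: evil\x00\r\n\r\n".b

# Header lines of a raw request, without the request line.
def header_lines(raw)
  head, = raw.split("\r\n\r\n", 2)
  head.split("\r\n").drop(1)
end

# Backend parser: lower-cased name => value.
# strict: true  -> any NUL byte in a value raises BadRequest (answer 400).
# strict: false -> the value goes through String#strip, which in Ruby drops
#                  trailing NUL bytes along with whitespace (the reported behaviour).
def parse_headers(raw, strict: true)
  header_lines(raw).each_with_object({}) do |line, headers|
    name, value = line.split(":", 2)
    raise BadRequest, "malformed header line" if value.nil?
    raise BadRequest, "NUL byte in header value" if strict && value.include?("\x00")
    headers[name.strip.downcase] = value.strip
  end
end

# Hypothetical proxy: finds the header by name but trims only SP and HTAB,
# so a trailing NUL remains part of the value it compares against its rule.
def proxy_header_value(raw, name)
  line = header_lines(raw).find { |l| l.split(":", 2).first.strip.downcase == name }
  line && line.split(":", 2).last.gsub(/\A[ \t]+|[ \t]+\z/, "")
end

# Outcome of one request through proxy then backend: :blocked_by_proxy when the
# rule "Evil: evil" matches, :rejected_400 when the backend refuses the NUL,
# otherwise the Evil value the backend actually sees.
def chain_outcome(raw, strict:)
  return :blocked_by_proxy if proxy_header_value(raw, "evil") == "evil"
  parse_headers(raw, strict: strict)["evil"]
rescue BadRequest
  :rejected_400
end
```

With `strict: false` the backend ends up with the very value the proxy was meant to block; with `strict: true` the same request is answered 400 before any header is used.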

jeremyevans added a commit to jeremyevans/webrick that referenced this issue Dec 1, 2023
@jeremyevans
Contributor

I pushed a fix for this as part of #125.
