httpd-dev mailing list archives

From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: [PATCH] mod_cgi: Mitigating some header injections by dropping invalid headers?
Date Tue, 12 Oct 2010 15:06:19 GMT

On 12 Oct 2010, at 15:30, Malte S. Stretz wrote:

> I had a quick look at the Apache source and the solution was simple:  Just 
> drop headers which contain any character outside the range [a-zA-Z0-9-].  
> The patch against trunk is attached.

This made me think of something we had a while ago; and after checking the logs - big +1 from
me!

Dw.
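
The rule quoted above, sketched as an added example (not code from this message or from the attached patch): a header name is turned into a CGI variable name only if every character is in [a-zA-Z0-9-]. The function names and the lenient mode, which maps every non-alphanumeric character to `_`, are assumptions made here for comparison; the sample header names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if the name is non-empty and every character
 * is in [a-zA-Z0-9-], the range given in the quoted proposal. */
static int header_name_ok(const char *name)
{
    if (*name == '\0')
        return 0;
    for (; *name; name++)
        if (!isalnum((unsigned char)*name) && *name != '-')
            return 0;
    return 1;
}

/* Build "HTTP_<NAME>" for a request header (hypothetical function).
 * strict != 0: names failing header_name_ok() are dropped.
 * strict == 0: assumed lenient mapping, any non-alphanumeric becomes '_'.
 * Returns 1 and fills out, or 0 if dropped or out is too small. */
static int cgi_env_name(const char *hdr, int strict, char *out, size_t outlen)
{
    size_t i, len = strlen(hdr);

    if (strict && !header_name_ok(hdr))
        return 0;
    if (len + sizeof("HTTP_") > outlen)   /* prefix + name + NUL */
        return 0;
    memcpy(out, "HTTP_", 5);
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)hdr[i];
        out[5 + i] = isalnum(c) ? (char)toupper(c) : '_';
    }
    out[5 + len] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed names: only the first passes the strict rule. */
    const char *names[] = { "X-Forwarded-For", "X_Forwarded_For", "X.Forwarded.For" };
    char env[64];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        printf("%-16s lenient=%s", names[i],
               cgi_env_name(names[i], 0, env, sizeof(env)) ? env : "(dropped)");
        printf(" strict=%s\n",
               cgi_env_name(names[i], 1, env, sizeof(env)) ? env : "(dropped)");
    }
    return 0;
}
```

In lenient mode all three names produce the same variable, so a CGI script cannot tell which header it came from; in strict mode only the first one reaches the environment.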