=== modified file 'src/HttpHeaderTools.cc' --- src/HttpHeaderTools.cc 2010-11-02 00:12:43 +0000 +++ src/HttpHeaderTools.cc 2011-05-25 16:54:36 +0000 @@ -325,52 +325,56 @@ /** * Parses a quoted-string field (RFC 2616 section 2.2), complains if * something went wrong, returns non-zero on success. * Un-escapes quoted-pair characters found within the string. * start should point at the first double-quote. */ int httpHeaderParseQuotedString(const char *start, const int len, String *val) { const char *end, *pos; val->clean(); if (*start != '"') { debugs(66, 2, "failed to parse a quoted-string header field near '" << start << "'"); return 0; } pos = start + 1; while (*pos != '"' && len > (pos-start)) { + + if (*pos == '\n' || *pos == '\r') pos++; + bool quoted = (*pos == '\\'); if (quoted) pos++; if (!*pos || (pos-start) > len) { debugs(66, 2, "failed to parse a quoted-string header field near '" << start << "'"); val->clean(); return 0; } end = pos; while (end <= (start+len) && *end != '\\' && *end != '\"' && *end > 0x1F && *end != 0x7F) end++; - if (*end <= 0x1F || *end == 0x7F) { + bool parse_error = (*end <= 0x1F && *end != '\r' && *end != '\n') || *end == 0x7F; + if (parse_error) { debugs(66, 2, "failed to parse a quoted-string header field with CTL octet " << (start-pos) << " bytes into '" << start << "'"); val->clean(); return 0; } val->append(pos, end-pos); pos = end; } /* Make sure it's defined even if empty "" */ if (!val->defined()) val->limitInit("", 0); return 1; } /** * Checks the anonymizer (header_access) configuration. * * \retval 0 Header is explicitly blocked for removal * \retval 1 Header is explicitly allowed * \retval 1 Header has been replaced, the current version can be used.
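Review bot: The added CR/LF skip at the top of the outer `while` advances `pos` without re-testing the loop bound, so when the CR or LF is the last octet inside `len`, the following `*pos == '\\'` and `!*pos` reads touch `start[len]` and possibly `start[len+1]` before the `(pos-start) > len` test can reject them. Whether the caller guarantees a NUL terminator at that position is not visible in this hunk. Writing the skip as `if (*pos == '\n' || *pos == '\r') { pos++; continue; }` lets the loop condition re-check both the closing quote and the length. Separately, the skip and the relaxed `parse_error` test accept any lone CR or LF, not only an RFC 2616 fold (CRLF followed by SP or HT), and drop it from `val` without substituting a space. A value that Squid silently normalises this way can be read differently by another parser on the path, so consider requiring SP/HT after the line break, and state the accepted form in the function's header comment.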