curl-library

RE: [Bug] HTTP header splitting in curl for PHP

From: Gabriel Totoliciu <gabriel.totoliciu_at_ddsec.net>
Date: Wed, 9 Mar 2011 03:00:04 +0200

> The PHP/CURL binding is written by the PHP team, file bug reports in their
> bug tracker: http://bugs.php.net/

Thanks, I'll send it there.

>> Inserting CRLF into a header value splits the header into different
>> headers.
>> This behavior seems to be a potential security problem.

>Right, but... why do you insert CRLF into headers unless you really want
>the subsequent behavior?

>> Since curl for php allows the programmer to give an *array of headers*
>> as the CURLOPT_HTTPHEADER parameter, it should convert the CRLF
>> characters to either CRLFSP or SP according to the RFC.

>I won't speak for the PHP/CURL authors, but I can mention that I don't
>think libcurl should do that operation on passed-in headers. I see no
>reason, and I also think that apps have actually already found use for that
>hidden feature in the past. (That's a slightly separate story and in itself
>mostly due to libcurl's inability to allow an added header with nothing on
>the right side of the colon.)

Ah, I see. It was more of a security concern that I had.
Anyway, you have to agree that this is kind of a dirty way to achieve the
result you described.

Gabriel

Received on 2011-03-09
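
Since the thread leaves CR/LF handling to the calling application, the check has to happen before a header string reaches the header list. The following is an added example, not code from the original mail, libcurl or PHP: it shows a reject check and the "convert CRLF to SP" option mentioned above. The function names and the sample header are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if the header line carries no CR or LF. */
int header_line_is_safe(const char *line)
{
    return line != NULL && strpbrk(line, "\r\n") == NULL;
}

/* Hypothetical helper: copy `in` to `out`, turning each CR/LF run (and any
 * SP/HTAB that follows it, i.e. a folded line) into a single SP. A run at the
 * very end is dropped. Returns the new length, or -1 if `out` is too small. */
long neutralize_crlf(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (in == NULL || out == NULL || outsz == 0)
        return -1;
    while (*in) {
        char c = *in;
        if (c == '\r' || c == '\n') {
            while (*in == '\r' || *in == '\n' || *in == ' ' || *in == '\t')
                in++;
            if (*in == '\0')
                break;
            c = ' ';
        } else {
            in++;
        }
        if (o + 1 >= outsz)
            return -1;
        out[o++] = c;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed sample: a header built from untrusted text. */
    const char *line = "X-Note: hello\r\nX-Injected: 1";
    char clean[128];

    printf("safe as-is: %d\n", header_line_is_safe(line));
    if (neutralize_crlf(line, clean, sizeof clean) >= 0)
        printf("one header: \"%s\"\n", clean); /* pass this to curl_slist_append() */
    return 0;
}
```

Rejecting the line outright with `header_line_is_safe` is the stricter choice when a header value comes from untrusted input; the rewrite variant keeps the request going but still sends the attacker-supplied text as part of one header value.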