Incorrect handling of null bytes in URIs #434

Open
kenballus opened this issue Dec 31, 2024 · 0 comments

The HTTP RFCs do not permit NUL within HTTP messages' request-targets. OLS does not enforce this rule.

  1. When acting as an origin server, OLS truncates URIs at the first NUL byte.
  2. When acting as a reverse proxy, OLS permits NUL in URIs and forwards them as-is.

Each of these behaviors can cause security problems.

When OLS receives a request with a NUL in its URI, it should just respond 400.
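
Added example, not part of the original issue and not OLS code: a length-based check of the request line that answers 400 when the request-target contains NUL, and a helper showing how much of the target a NUL-terminated string API would see. The function names and the sample request lines are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample request lines; the second has a NUL inside the target. */
static const char OK_LINE[]  = "GET /index.html HTTP/1.1";
static const char NUL_LINE[] = "GET /a\0b HTTP/1.1";

/* Locate the request-target (method SP request-target SP HTTP-version) by
 * explicit length; unlike strchr/strlen, these scans do not stop at a NUL. */
static int find_target(const char *line, size_t len, const char **t, size_t *tlen)
{
    const char *sp1 = memchr(line, ' ', len), *sp2 = NULL;
    if (!sp1) return -1;
    for (const char *p = line + len; p > sp1 + 1; p--)  /* last SP in the line */
        if (p[-1] == ' ') { sp2 = p - 1; break; }
    if (!sp2 || sp2 == sp1 + 1) return -1;              /* missing or empty target */
    *t = sp1 + 1;
    *tlen = (size_t)(sp2 - *t);
    return 0;
}

/* 400 if the target holds a byte that can never appear in a URI
 * (NUL, other controls, SP, DEL, non-ASCII); otherwise 200. */
int request_target_status(const char *line, size_t len)
{
    const char *t; size_t tlen;
    if (find_target(line, len, &t, &tlen) != 0) return 400;
    for (size_t i = 0; i < tlen; i++) {
        unsigned char c = (unsigned char)t[i];
        if (c < 0x21 || c > 0x7e) return 400;
    }
    return 200;
}

/* Target length as a NUL-terminated string API would see it (truncation case). */
size_t target_len_as_c_string(const char *line, size_t len)
{
    const char *t; size_t tlen;
    if (find_target(line, len, &t, &tlen) != 0) return 0;
    const char *nul = memchr(t, '\0', tlen);
    return nul ? (size_t)(nul - t) : tlen;
}

int main(void)
{
    printf("%d %d %zu\n", request_target_status(OK_LINE, sizeof OK_LINE - 1),
           request_target_status(NUL_LINE, sizeof NUL_LINE - 1),
           target_len_as_c_string(NUL_LINE, sizeof NUL_LINE - 1));
}
```

The byte range check is a lower bound: it rejects only bytes that are never valid in a URI, so a full parser would still apply the complete request-target grammar afterwards.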
