Skip to content

Commit afb9522

Browse files
Merge pull request #211 from ESP32Async/secfix
2 parents 1095dfd + 4821424 commit afb9522

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

src/AsyncWebHeader.cpp

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,13 @@ AsyncWebHeader::AsyncWebHeader(const String &data) {
1111
if (index < 0) {
1212
return;
1313
}
14+
if (data.indexOf('\r') >= 0 || data.indexOf('\n') >= 0) {
15+
// Note: do not log as info, warn or error because this could flood the logs without being able to filter this out
16+
#ifdef ESP32
17+
log_v("Invalid character in HTTP header");
18+
#endif
19+
return; // Invalid header format
20+
}
1421
_name = data.substring(0, index);
1522
_value = data.substring(index + 2);
1623
}

0 commit comments

Comments
 (0)