Skip to content

[Bug] Untimely client termination on malformed Set-Cookie values #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vlm opened this issue May 13, 2020 · 0 comments · Fixed by #210
Closed

[Bug] Untimely client termination on malformed Set-Cookie values #209

vlm opened this issue May 13, 2020 · 0 comments · Fixed by #210
Assignees
@artemredkin
Labels
kind/bug Feature doesn't work as expected.
Milestone
1.2.0

Comments

@vlm
Copy link
Contributor

vlm commented May 13, 2020

The Set-Cookie: header might carry any combination of characters. In case a consecutive sequence of semicolons ";;" is encountered, the client will crash because of this code:

https://github.com/swift-server/async-http-client/pull/207/files#diff-9f1723c83114eacc62a23489d124343eR117

Client termination when encountering such headers is not desired and might result in a denial of service.
@vlm vlm mentioned this issue May 13, 2020
Merged
@artemredkin artemredkin self-assigned this May 13, 2020
@artemredkin artemredkin added the kind/bug Feature doesn't work as expected. label May 13, 2020
@artemredkin artemredkin added this to the 1.2.0 milestone May 13, 2020
@artemredkin artemredkin mentioned this issue May 13, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@artemredkin artemredkin

Labels
kind/bug Feature doesn't work as expected.
Projects
None yet
Milestone
1.2.0
Development

Successfully merging a pull request may close this issue.

fix malformed cookie parsing swift-server/async-http-client
2 participants
@vlm @artemredkin