Disallow duplicated Host headers

uNetworking · Oct 27, 2024 · addac0b · addac0b
1 parent cca5a35
commit addac0b
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/HttpParser.h b/src/HttpParser.h
@@ -501,6 +501,12 @@ struct HttpParser {
             /* Add all headers to bloom filter */
             req->bf.reset();
             for (HttpRequest::Header *h = req->headers; (++h)->key.length(); ) {
+                if (req->bf.mightHave(h->key)) [[unlikely]] {
+                    /* Host header is not allowed twice */
+                    if (h->key == "host" && req->getHeader("host").data()) {
+                        return {HTTP_ERROR_400_BAD_REQUEST, FULLPTR};
+                    }
+                }
                 req->bf.add(h->key);
             }