👕 only check CRLF

anlowee · anlowee · commit f65de30955b6 · 2024-10-29T14:50:24.000-04:00
diff --git a/components/core/src/clp/CurlDownloadHandler.cpp b/components/core/src/clp/CurlDownloadHandler.cpp
@@ -81,9 +81,7 @@ CurlDownloadHandler::CurlDownloadHandler(
                 == std::find(cReservedHeaders.begin(), cReservedHeaders.end(), lower_key))
             {
                 // Filter out illegal header names and header values by regex
-                if (std::regex_match(key, header_name_pattern)
-                    && std::regex_match(value, header_value_pattern))
-                {
+                if (false == value.empty() && ('\r' != value.back() && '\n' != value.back())) {
                     m_http_headers.append(fmt::format("{}: {}", key, value));
                 } else {
                     throw CurlOperationFailed(
@@ -92,7 +90,8 @@ CurlDownloadHandler::CurlDownloadHandler(
                             __LINE__,
                             CURLE_BAD_FUNCTION_ARGUMENT,
                             fmt::format(
-                                    "curl_download_handler_init failed due to illegal header: {}: "
+                                    "curl_download_handler_init failed due to CRLF-terminated "
+                                    "header: {}: "
                                     "{}.",
                                     key,
                                     value
diff --git a/components/core/tests/test-NetworkReader.cpp b/components/core/tests/test-NetworkReader.cpp
@@ -246,12 +246,9 @@ TEST_CASE("network_reader_with_http_header_kv_pairs", "[NetworkReader]") {
     REQUIRE(test_illegal_header("Range", "bytes=100-"));
     REQUIRE(test_illegal_header("Cache-Control", "no-cache"));
     REQUIRE(test_illegal_header("Pragma", "no-cache"));
-    // The following headers contain illegal header names, the requests should be rejected.
-    REQUIRE(test_illegal_header("A Space", "xx"));
-    REQUIRE(test_illegal_header("A\nNewline", "xx"));
-    REQUIRE(test_illegal_header("An@At", "xx"));
-    REQUIRE(test_illegal_header("-Start-with-Non-Alphanumeric", "xx"));
     // The following headers contain illegal header values, the requests should be rejected.
-    REQUIRE(test_illegal_header("Legal-Name1", "newline\n"));
-    REQUIRE(test_illegal_header("Legal-Name2", "control-char\x01"));
+    REQUIRE(test_illegal_header("Legal-Name1", "CRLF\n"));
+    REQUIRE(test_illegal_header("Legal-Name2", "CRLF\r"));
+    REQUIRE(test_illegal_header("Legal-Name3", "CRLF\n\r"));
+    REQUIRE(test_illegal_header("Legal-Name4", "CRLF\r\n"));
 }
