Fix #2096

yhirose · yhirose · commit 48084d55f229 · 2025-03-10T23:31:51.000-04:00
diff --git a/httplib.h b/httplib.h
@@ -4170,6 +4170,9 @@ inline bool parse_header(const char *beg, const char *end, T fn) {
     p++;
   }
 
+  auto name = std::string(beg, p);
+  if (!detail::fields::is_field_name(name)) { return false; }
+
   if (p == end) { return false; }
 
   auto key_end = p;
diff --git a/test/test.cc b/test/test.cc
@@ -5156,6 +5156,14 @@ TEST(ServerRequestParsingTest, InvalidFieldValueContains_LF) {
   EXPECT_EQ("HTTP/1.1 400 Bad Request", out.substr(0, 24));
 }
 
+TEST(ServerRequestParsingTest, InvalidFieldNameContains_PreceedingSpaces) {
+  std::string out;
+  std::string request(
+      "GET /header_field_value_check HTTP/1.1\r\n  Test: val\r\n\r\n", 55);
+  test_raw_request(request, &out);
+  EXPECT_EQ("HTTP/1.1 400 Bad Request", out.substr(0, 24));
+}
+
 TEST(ServerRequestParsingTest, EmptyFieldValue) {
   std::string out;
 

Original file line number	Diff line number	Diff line change
`@@ -4170,6 +4170,9 @@ inline bool parse_header(const char beg, const char end, T fn) {`
`4170`	`4170`	`p++;`
`4171`	`4171`	`}`
`4172`	`4172`
	`4173`	`+ auto name = std::string(beg, p);`
	`4174`	`+ if (!detail::fields::is_field_name(name)) { return false; }`
	`4175`	`+`
`4173`	`4176`	`if (p == end) { return false; }`
`4174`	`4177`
`4175`	`4178`	`auto key_end = p;`