fix: skip invalid UTF-8 headers instead of panicking

xeioex · xeioex · commit 8b06ecd52913 · 2025-07-25T16:04:24.000-07:00
Replace `to_str()` with explicit UTF-8 validation in NgxListIterator
to handle malformed HTTP headers gracefully.
diff --git a/examples/t/awssig.t b/examples/t/awssig.t
@@ -11,6 +11,8 @@ use strict;
 
 use Test::More;
 
+use Socket qw/ CRLF /;
+
 BEGIN { use FindBin; chdir($FindBin::Bin); }
 
 use lib 'lib';
@@ -21,7 +23,7 @@ use Test::Nginx;
 select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
-my $t = Test::Nginx->new()->has(qw/http proxy/)->plan(1)
+my $t = Test::Nginx->new()->has(qw/http proxy/)->plan(2)
 	->write_file_expand('nginx.conf', <<"EOF");
 
 %%TEST_GLOBALS%%
@@ -70,4 +72,12 @@ $t->run();
 like(http_get('/'), qr/x-authorization: AWS4.*Credential=my-access-key/i,
 	'awssig header');
 
+like(http(
+    'GET / HTTP/1.0' . CRLF
+    . 'Foo: foo' . CRLF
+    . "Bar: \xFF\xFE\x80\x81" . CRLF
+	. "Host: localhost" . CRLF . CRLF
+), qr/x-authorization: AWS4.*Credential=my-access-key/,
+	'awssig invalid header ignored');
+
 ###############################################################################
diff --git a/src/http/request.rs b/src/http/request.rs
@@ -465,20 +465,36 @@ impl<'a> Iterator for NgxListIterator<'a> {
     type Item = (&'a str, &'a str);
 
     fn next(&mut self) -> Option<Self::Item> {
-        let part = self.part.as_mut()?;
-        if self.i >= part.arr.len() {
-            if let Some(next_part_raw) = unsafe { part.raw.next.as_ref() } {
-                // loop back
-                *part = next_part_raw.into();
-                self.i = 0;
-            } else {
-                self.part = None;
-                return None;
+        loop {
+            let part = self.part.as_mut()?;
+            if self.i >= part.arr.len() {
+                if let Some(next_part_raw) = unsafe { part.raw.next.as_ref() } {
+                    // loop back
+                    *part = next_part_raw.into();
+                    self.i = 0;
+                } else {
+                    self.part = None;
+                    return None;
+                }
+            }
+            let header = &part.arr[self.i];
+            self.i += 1;
+
+            let key_bytes = header.key.as_ref();
+            let value_bytes = header.value.as_ref();
+
+            match (
+                std::str::from_utf8(key_bytes),
+                std::str::from_utf8(value_bytes),
+            ) {
+                (Ok(key), Ok(value)) => {
+                    return Some((key, value));
+                }
+                _ => {
+                    continue;
+                }
             }
         }
-        let header = &part.arr[self.i];
-        self.i += 1;
-        Some((header.key.to_str(), header.value.to_str()))
     }
 }
 
