drop illegal header values

svn:r370

http.c

@@ -1115,10 +1115,16 @@ evhttp_remove_header(struct evkeyvalq *headers, const char *key)
 }
 
 int
-evhttp_add_header(struct evkeyvalq *headers, const char *key, const char *value)
+evhttp_add_header(struct evkeyvalq *headers,
+    const char *key, const char *value)
 {
 	struct evkeyval *header;
 
+	if (strchr(value, "\r") != NULL || strchr(value, "\n") != NULL) {
+		/* drop illegal headers */
+		return (-1);
+	}
+
 	header = calloc(1, sizeof(struct evkeyval));
 	if (header == NULL) {
 		event_warn("%s: calloc", __func__);