Merge branch 'hotfix/187' into develop

Forward port #187

CHANGELOG.md

@@ -46,6 +46,8 @@ All notable changes to this project will be documented in this file, in reverse
 
 - [#184](https://github.com/zendframework/zend-http/pull/184) fixes responses for request through the proxy with `HTTP/1.1 200 Connection established` header. 
 
+- [#187](https://github.com/zendframework/zend-http/pull/187) fixes infinite recursion on invalid header. Now `InvalidArgumentException` exception is thrown. 
+
 ## 2.10.0 - 2019-02-19
 
 ### Added

src/Headers.php

@@ -455,7 +455,7 @@ public function forceLoading()
 
     /**
      * @param $index
-     * @param bool $isGeneric
+     * @param bool $isGeneric If true, there is no need to parse $index and call the ClassLoader.
      * @return mixed|void
      */
     protected function lazyLoadHeader($index, $isGeneric = false)
@@ -472,6 +472,12 @@ protected function lazyLoadHeader($index, $isGeneric = false)
         try {
             $headers = $class::fromString($current['line']);
         } catch (Exception\InvalidArgumentException $exception) {
+            // Generic Header should throw an exception if it fails
+            if ($isGeneric) {
+                throw $exception;
+            }
+
+            // Retry one more time with GenericHeader
             return $this->lazyLoadHeader($index, true);
         }
         if (is_array($headers)) {

test/HeadersTest.php

@@ -315,4 +315,14 @@ public function testCRLFAttack()
         $this->expectException(RuntimeException::class);
         Headers::fromString("Fake: foo-bar\r\n\r\nevilContent");
     }
+
+    public function testThrowExceptionOnInvalidHeader()
+    {
+        $headers = new Headers();
+        $headers->addHeaderLine('Location', "/mail\r\ntest");
+
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid header value detected');
+        $headers->get('Location');
+    }
 }