microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

Crash (parse_http_headers) when passing special characters in request headers #1664

Open SiyiJia opened 2 years ago

SiyiJia commented 2 years ago

My program crashes when passing a REST request with special characters in the request header.

My request is like PUT xxxx:port/api/test Header: name: äüöß"

The call stack can be found below.

>    KernelBase.dll!00007ff995779689()    Unknown
     vcruntime140d.dll!00007ff98778b1f0()    Unknown
     cpprest.dll!utility::count_utf8_to_utf16(const std::string & s) Line 380    C++
     cpprest.dll!utility::conversions::utf8_to_utf16(const std::string & s) Line 415    C++
     cpprest.dll!utility::conversions::to_utf16string(const std::string & value) Line 619    C++
     cpprest.dll!web::http::experimental::details::parse_http_headers(const _HTTP_REQUEST_HEADERS & headers, web::http::http_headers & msgHeaders) Line 148    C++
     cpprest.dll!web::http::experimental::details::windows_request_context::read_headers_io_completion(unsigned long error_code, unsigned long __formal) Line 571    C++
     cpprest.dll!web::http::experimental::details::windows_request_context::async_process_request::__l2::<lambda>(unsigned long error, unsigned long nBytes) Line 492    C++
     [External Code]    
     cpprest.dll!web::http::experimental::details::http_overlapped::io_completion_callback(_TP_CALLBACK_INSTANCE * instance, void * context, void * pOverlapped, unsigned long result, unsigned __int64 numberOfBytesTransferred, _TP_IO * io) Line 67    C++
     [External Code]    

I understand that we should avoid special characters in request headers or at least decode them before the execution. But can we have a fix to check the request headers and reject it if there are any unacceptable characters instead of crashing?

LeoKarlsruhe commented 2 months ago

Hello. You wrote: "I understand that we should avoid special characters in request headers or at least decode them before the execution". I can't prevent a client from sending a corrupt header. Do you know how I can decode the headers before they are parsed in io_completion_callback?
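The check requested in the first post (reject a request whose headers cannot be converted, rather than crash) and the corrupt-header concern in the reply can both be illustrated with a strict UTF-8 validation pass over the raw header bytes. This is an added example, not cpprestsdk code and not a hook into its listener; `is_valid_utf8`, `precheck_headers` and `header_list` are hypothetical names, and it assumes the failing bytes were non-UTF-8 (for example Latin-1) input reaching `utf8_to_utf16`.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Strict UTF-8 check (RFC 3629): rejects stray continuation bytes, truncated
// sequences, overlong forms, UTF-16 surrogates and values above U+10FFFF.
bool is_valid_utf8(const std::string& s) {
    const std::size_t n = s.size();
    std::size_t i = 0;
    while (i < n) {
        const unsigned char b = static_cast<unsigned char>(s[i]);
        std::size_t len = 1;
        unsigned long cp = b, min = 0;
        if (b >= 0x80) {
            if ((b & 0xE0) == 0xC0)      { len = 2; cp = b & 0x1F; min = 0x80; }
            else if ((b & 0xF0) == 0xE0) { len = 3; cp = b & 0x0F; min = 0x800; }
            else if ((b & 0xF8) == 0xF0) { len = 4; cp = b & 0x07; min = 0x10000; }
            else return false;               // 10xxxxxx or 0xF8..0xFF as lead byte
        }
        if (n - i < len) return false;       // sequence cut off at end of value
        for (std::size_t k = 1; k < len; ++k) {
            const unsigned char c = static_cast<unsigned char>(s[i + k]);
            if ((c & 0xC0) != 0x80) return false;   // not a continuation byte
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return false;
        i += len;
    }
    return true;
}

using header_list = std::vector<std::pair<std::string, std::string>>;

// Returns 400 if any header name or value is malformed (the request should be
// rejected before any UTF-8 to UTF-16 conversion is attempted), otherwise 0.
int precheck_headers(const header_list& headers) {
    for (const auto& h : headers)
        if (!is_valid_utf8(h.first) || !is_valid_utf8(h.second)) return 400;
    return 0;
}

int main() {
    // Constructed samples: "äüöß" as Latin-1 bytes, then as UTF-8 bytes.
    const header_list latin1 = {{"name", "\xE4\xFC\xF6\xDF"}};
    const header_list utf8 = {{"name", "\xC3\xA4\xC3\xBC\xC3\xB6\xC3\x9F"}};
    return (precheck_headers(latin1) == 400 && precheck_headers(utf8) == 0) ? 0 : 1;
}
```

The same function can guard any call site that passes untrusted bytes to a UTF-8 to UTF-16 conversion, so malformed input yields a 400 response instead of an unhandled failure on an I/O callback thread.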