
Fix CVE-2023-26148 (#443)

huangduirong 2 years ago
parent
commit
f2b969f5af
1 changed files with 17 additions and 1 deletions
  1. 17 1
      http/HttpMessage.cpp

+ 17 - 1
http/HttpMessage.cpp

@@ -489,7 +489,23 @@ void HttpMessage::DumpHeaders(std::string& str) {
             // %s: %s\r\n
             str += header.first;
             str += ": ";
-            str += header.second;
+            // if the value has \r\n, translate to \\r\\n
+            if (header.second.find("\r") != std::string::npos ||
+                header.second.find("\n") != std::string::npos) {
+                std::string newStr = "";
+                for (size_t i = 0; i < header.second.size(); ++i) {
+                    if (header.second[i] == '\r') {
+                        newStr += "\\r";
+                    } else if (header.second[i] == '\n') {
+                        newStr += "\\n";
+                    } else {
+                        newStr += header.second[i];
+                    }
+                }
+                str += newStr;
+            } else {
+                str += header.second;
+            }
             str += "\r\n";
         }
     }
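Review bot: The header name is still appended unfiltered at `str += header.first;`, so a CR or LF in the key can split the header block exactly as one in the value could; the new escaping covers only `header.second`. The same check should apply to the name before it is appended, for example `if (header.first.find_first_of("\r\n") != std::string::npos) continue;`, assuming this code sits in the per-header loop, which starts outside the hunk. The two `find` calls on the value can likewise be a single `header.second.find_first_of("\r\n")`. Rewriting the value to a literal `\r`/`\n` also sends altered data without any signal, so logging or rejecting the header would make the condition visible to the caller. DumpHeaders begins and ends outside the hunk, so whether other serialized fields get the same treatment cannot be judged from here.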