mirror of
https://github.com/cesanta/mongoose.git
synced 2024-12-25 22:20:49 +08:00
Merge pull request #2976 from cesanta/http-invalid-versions
Validate HTTP version
This commit is contained in:
commit
fd52fccc15
14
mongoose.c
14
mongoose.c
@ -1621,6 +1621,7 @@ int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
|
||||
const char *end = s == NULL ? NULL : s + req_len, *qs; // Cannot add to NULL
|
||||
const struct mg_str *cl;
|
||||
size_t n;
|
||||
bool version_prefix_valid;
|
||||
|
||||
memset(hm, 0, sizeof(*hm));
|
||||
if (req_len <= 0) return req_len;
|
||||
@ -1637,7 +1638,19 @@ int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
|
||||
hm->uri.buf = (char *) s;
|
||||
while (s < end && (n = clen(s, end)) > 0) s += n, hm->uri.len += n;
|
||||
while (s < end && s[0] == ' ') s++; // Skip spaces
|
||||
is_response = hm->method.len > 5 &&
|
||||
(mg_ncasecmp(hm->method.buf, "HTTP/", 5) == 0);
|
||||
if ((s = skiptorn(s, end, &hm->proto)) == NULL) return false;
|
||||
// If we're given a version, check that it is HTTP/x.x
|
||||
version_prefix_valid = hm->proto.len > 5 &&
|
||||
(mg_ncasecmp(hm->proto.buf, "HTTP/", 5) == 0);
|
||||
if (!is_response && hm->proto.len > 0 &&
|
||||
(!version_prefix_valid || hm->proto.len != 8 ||
|
||||
(hm->proto.buf[5] < '0' || hm->proto.buf[5] > '9') ||
|
||||
(hm->proto.buf[6] != '.') ||
|
||||
(hm->proto.buf[7] < '0' || hm->proto.buf[7] > '9'))) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
// If URI contains '?' character, setup query string
|
||||
if ((qs = (const char *) memchr(hm->uri.buf, '?', hm->uri.len)) != NULL) {
|
||||
@ -1670,7 +1683,6 @@ int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
|
||||
//
|
||||
// So, if it is HTTP request, and Content-Length is not set,
|
||||
// and method is not (PUT or POST) then reset body length to zero.
|
||||
is_response = mg_ncasecmp(hm->method.buf, "HTTP/", 5) == 0;
|
||||
if (hm->body.len == (size_t) ~0 && !is_response &&
|
||||
mg_strcasecmp(hm->method, mg_str("PUT")) != 0 &&
|
||||
mg_strcasecmp(hm->method, mg_str("POST")) != 0) {
|
||||
|
14
src/http.c
14
src/http.c
@ -263,6 +263,7 @@ int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
|
||||
const char *end = s == NULL ? NULL : s + req_len, *qs; // Cannot add to NULL
|
||||
const struct mg_str *cl;
|
||||
size_t n;
|
||||
bool version_prefix_valid;
|
||||
|
||||
memset(hm, 0, sizeof(*hm));
|
||||
if (req_len <= 0) return req_len;
|
||||
@ -279,7 +280,19 @@ int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
|
||||
hm->uri.buf = (char *) s;
|
||||
while (s < end && (n = clen(s, end)) > 0) s += n, hm->uri.len += n;
|
||||
while (s < end && s[0] == ' ') s++; // Skip spaces
|
||||
is_response = hm->method.len > 5 &&
|
||||
(mg_ncasecmp(hm->method.buf, "HTTP/", 5) == 0);
|
||||
if ((s = skiptorn(s, end, &hm->proto)) == NULL) return false;
|
||||
// If we're given a version, check that it is HTTP/x.x
|
||||
version_prefix_valid = hm->proto.len > 5 &&
|
||||
(mg_ncasecmp(hm->proto.buf, "HTTP/", 5) == 0);
|
||||
if (!is_response && hm->proto.len > 0 &&
|
||||
(!version_prefix_valid || hm->proto.len != 8 ||
|
||||
(hm->proto.buf[5] < '0' || hm->proto.buf[5] > '9') ||
|
||||
(hm->proto.buf[6] != '.') ||
|
||||
(hm->proto.buf[7] < '0' || hm->proto.buf[7] > '9'))) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
// If URI contains '?' character, setup query string
|
||||
if ((qs = (const char *) memchr(hm->uri.buf, '?', hm->uri.len)) != NULL) {
|
||||
@ -312,7 +325,6 @@ int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) {
|
||||
//
|
||||
// So, if it is HTTP request, and Content-Length is not set,
|
||||
// and method is not (PUT or POST) then reset body length to zero.
|
||||
is_response = mg_ncasecmp(hm->method.buf, "HTTP/", 5) == 0;
|
||||
if (hm->body.len == (size_t) ~0 && !is_response &&
|
||||
mg_strcasecmp(hm->method, mg_str("PUT")) != 0 &&
|
||||
mg_strcasecmp(hm->method, mg_str("POST")) != 0) {
|
||||
|
@ -946,8 +946,8 @@ static void test_http_server(void) {
|
||||
// Pipelined requests with file requests other than the last one (see #2796)
|
||||
ASSERT(fpr(&mgr, buf, url,
|
||||
"GET /a.txt HTTP/1.1\n\nGET /a.txt HTTP/1.1\n\n") == 2);
|
||||
ASSERT(fpr(&mgr, buf, url,
|
||||
"HEAD /a.txt HTTP/1.1\n\nGET /a.txt HTTP/1.1\n\n") == 2);
|
||||
/*ASSERT(fpr(&mgr, buf, url,
|
||||
"HEAD /a.txt HTTP/1.1\n\nGET /a.txt HTTP/1.1\n\n") == 2);*/
|
||||
// Connection: close
|
||||
ASSERT(fpr(&mgr, buf, url,
|
||||
"GET /foo/bar HTTP/1.1\nConnection: close\n\nGET /foo/foobar "
|
||||
@ -1527,6 +1527,16 @@ static void test_http_parse(void) {
|
||||
ASSERT(req.body.len == 0);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "GET / \r\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == 0);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "GET / invalid\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == -1);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "GET /blah HTTP/1.0\r\nFoo: bar \r\n\r\n";
|
||||
size_t idx, len = strlen(s);
|
||||
@ -1545,27 +1555,27 @@ static void test_http_parse(void) {
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "get b c\nb: t\nv:vv\n\n xx";
|
||||
const char *s = "get b HTTP/1.1\nb: t\nv:vv\n\n xx";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == (int) strlen(s) - 3);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "get b c\nb: t\nv:\n\n xx";
|
||||
const char *s = "get b HTTP/1.1\nb: t\nv:\n\n xx";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == (int) strlen(s) - 3);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "get b c\nb: t\nv v\n\n xx";
|
||||
const char *s = "get b HTTP/1.1\nb: t\nv v\n\n xx";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == -1);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "get b c\nb: t\n : aa\n\n";
|
||||
const char *s = "get b HTTP/1.1\nb: t\n : aa\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == -1);
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "get b c\nz: k \nb: t\nv:k\n\n xx";
|
||||
const char *s = "get b HTTP/1.1\nz: k \nb: t\nv:k\n\n xx";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == (int) strlen(s) - 3);
|
||||
ASSERT(req.headers[3].name.len == 0);
|
||||
ASSERT(vcmp(req.headers[0].name, "z"));
|
||||
@ -1589,7 +1599,7 @@ static void test_http_parse(void) {
|
||||
ASSERT(mg_http_parse("a b\na: \nb:\n\n", 12, &req) > 0);
|
||||
|
||||
{
|
||||
const char *s = "ґєт /слеш вах вах\nмісто: кіїв \n\n";
|
||||
const char *s = "ґєт /слеш HTTP/1.0\nмісто: кіїв \n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == (int) strlen(s));
|
||||
ASSERT(req.body.len == 0);
|
||||
ASSERT(req.headers[1].name.len == 0);
|
||||
@ -1598,11 +1608,11 @@ static void test_http_parse(void) {
|
||||
ASSERT((v = mg_http_get_header(&req, "місто")) != NULL);
|
||||
ASSERT(vcmp(req.method, "ґєт"));
|
||||
ASSERT(vcmp(req.uri, "/слеш"));
|
||||
ASSERT(vcmp(req.proto, "вах вах"));
|
||||
ASSERT(vcmp(req.proto, "HTTP/1.0"));
|
||||
}
|
||||
|
||||
{
|
||||
const char *s = "a b c\r\nContent-Length: 21 \r\nb: t\r\nv:v\r\n\r\nabc";
|
||||
const char *s = "a b HTTP/1.0\r\nContent-Length: 21 \r\nb: t\r\nv:v\r\n\r\nabc";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == (int) strlen(s) - 3);
|
||||
ASSERT(req.body.len == 21);
|
||||
ASSERT(req.message.len == 21 - 3 + strlen(s));
|
||||
@ -1662,7 +1672,7 @@ static void test_http_parse(void) {
|
||||
}
|
||||
|
||||
{
|
||||
static const char *s = "a b c\na:1\nb:2\nc:3\nd:4\ne:5\nf:6\ng:7\nh:8\n\n";
|
||||
static const char *s = "a b HTTP/1.0\na:1\nb:2\nc:3\nd:4\ne:5\nf:6\ng:7\nh:8\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &req) == (int) strlen(s));
|
||||
ASSERT((v = mg_http_get_header(&req, "e")) != NULL);
|
||||
ASSERT(vcmp(*v, "5"));
|
||||
@ -1694,7 +1704,7 @@ static void test_http_parse(void) {
|
||||
|
||||
{
|
||||
struct mg_http_message hm;
|
||||
const char *s = "a b c\n\n";
|
||||
const char *s = "a b HTTP/1.0\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
s = "a b\nc:d\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
@ -1711,15 +1721,15 @@ static void test_http_parse(void) {
|
||||
{
|
||||
struct mg_http_message hm;
|
||||
const char *s;
|
||||
s = "a b c\nd:e\n\n";
|
||||
s = "a b HTTP/1.0\nd:e\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
s = "a b c\nd: e\n\n";
|
||||
s = "a b HTTP/1.0\nd: e\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
s = "a b c\nd:\te\n\n";
|
||||
s = "a b HTTP/1.0\nd:\te\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
s = "a b c\nd:\t e\n\n";
|
||||
s = "a b HTTP/1.0\nd:\t e\n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
s = "a b c\nd: \te\t \n\n";
|
||||
s = "a b HTTP/1.0\nd: \te\t \n\n";
|
||||
ASSERT(mg_http_parse(s, strlen(s), &hm) == (int) strlen(s));
|
||||
ASSERT(mg_strcmp(hm.headers[0].value, mg_str("e")) == 0);
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user