From 0b433671316ef7e6b73cae4ac23b8149fa0b9b24 Mon Sep 17 00:00:00 2001
From: Jeff Pinner <jpinner@twitter.com>
Date: Wed, 20 Aug 2014 08:32:14 -0700
Subject: [PATCH] http_parser: Follow RFC-7230 Sec 3.2.4

RFC-7230 Sec 3.2.4 expressly forbids line-folding in header
field-names.

This change no longer allows obsolete line-folding between the
header field-name and the colon. If HTTP_PARSER_STRICT is unset,
the parser still allows space characters.

Reviewed-By: Fedor Indutny <fedor@indutny.com>
---
 http_parser.c | 12 ------------
 test.c        |  7 +++++++
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/http_parser.c b/http_parser.c
index 5e1dd3c..749d1bb 100644
--- a/http_parser.c
+++ b/http_parser.c
@@ -1390,18 +1390,6 @@ size_t http_parser_execute (http_parser *parser,
           break;
         }
 
-        if (ch == CR) {
-          parser->state = s_header_almost_done;
-          CALLBACK_DATA(header_field);
-          break;
-        }
-
-        if (ch == LF) {
-          parser->state = s_header_field_start;
-          CALLBACK_DATA(header_field);
-          break;
-        }
-
         SET_ERRNO(HPE_INVALID_HEADER_TOKEN);
         goto error;
       }
diff --git a/test.c b/test.c
index 9799dc6..19b3b07 100644
--- a/test.c
+++ b/test.c
@@ -3476,6 +3476,13 @@ main (void)
     test_simple(buf, HPE_INVALID_METHOD);
   }
 
+  // illegal header field name line folding
+  test_simple("GET / HTTP/1.1\r\n"
+              "name\r\n"
+              " : value\r\n"
+              "\r\n",
+              HPE_INVALID_HEADER_TOKEN);
+
   const char *dumbfuck2 =
     "GET / HTTP/1.1\r\n"
     "X-SSL-Bullshit:   -----BEGIN CERTIFICATE-----\r\n"