From ddfa1b3ee32e571f9cd2de69b97a57862500f63a Mon Sep 17 00:00:00 2001
From: Chris Dickinson <christopher.s.dickinson@gmail.com>
Date: Mon, 19 Aug 2013 22:16:25 -0700
Subject: [PATCH] Do not accept PUN/GEM methods as PUT/GET.

* Encountering them returns an error, `HPE_INVALID_METHOD`
* Tests have been added.
---
 http_parser.c | 19 +++++++++++++++++--
 test.c        |  5 ++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/http_parser.c b/http_parser.c
index 5e0a950..a221983 100644
--- a/http_parser.c
+++ b/http_parser.c
@@ -954,6 +954,7 @@ size_t http_parser_execute (http_parser *parser,
           if (parser->index == 1 && ch == 'E') {
             parser->method = HTTP_SEARCH;
           } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
             goto error;
           }
         } else if (parser->index == 1 && parser->method == HTTP_POST) {
@@ -964,13 +965,27 @@ size_t http_parser_execute (http_parser *parser,
           } else if (ch == 'A') {
             parser->method = HTTP_PATCH;
           } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
             goto error;
           }
         } else if (parser->index == 2) {
           if (parser->method == HTTP_PUT) {
-            if (ch == 'R') parser->method = HTTP_PURGE;
+            if (ch == 'R') {
+              parser->method = HTTP_PURGE;
+            } else {
+              SET_ERRNO(HPE_INVALID_METHOD);
+              goto error;
+            }
           } else if (parser->method == HTTP_UNLOCK) {
-            if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE;
+            if (ch == 'S') {
+              parser->method = HTTP_UNSUBSCRIBE;
+            } else {
+              SET_ERRNO(HPE_INVALID_METHOD);
+              goto error;
+            }
+          } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
+            goto error;
           }
         } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
           parser->method = HTTP_PROPPATCH;
diff --git a/test.c b/test.c
index 81e0c3b..6cdac40 100644
--- a/test.c
+++ b/test.c
@@ -3119,7 +3119,10 @@ main (void)
 
   test_simple("hello world", HPE_INVALID_METHOD);
   test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);
-
+  test_simple("GEM / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
+  test_simple("PUN / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
+  test_simple("PX / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
+  test_simple("SA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
 
   test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
   test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);