haiwan
/
http-parser
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not accept PUN/GEM methods as PUT/GET.

Browse Source 
* Encountering them returns an error, `HPE_INVALID_METHOD`
* Tests have been added.
v0.10
Chris Dickinson 12 years ago committed by Ben Noordhuis
parent ad3b631d4f
commit ddfa1b3ee3
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File

19
http_parser.c
Unescape View File

@ -954,6 +954,7 @@ size_t http_parser_execute (http_parser *parser,
if (parser->index == 1 && ch == 'E') { if (parser->index == 1 && ch == 'E') {
parser->method = HTTP_SEARCH; parser->method = HTTP_SEARCH;
} else { } else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error; goto error;
} }
} else if (parser->index == 1 && parser->method == HTTP_POST) { } else if (parser->index == 1 && parser->method == HTTP_POST) {
@ -964,13 +965,27 @@ size_t http_parser_execute (http_parser *parser,
} else if (ch == 'A') { } else if (ch == 'A') {
parser->method = HTTP_PATCH; parser->method = HTTP_PATCH;
} else { } else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error; goto error;
} }
} else if (parser->index == 2) { } else if (parser->index == 2) {
if (parser->method == HTTP_PUT) { if (parser->method == HTTP_PUT) {
if (ch == 'R') parser->method = HTTP_PURGE; if (ch == 'R') {
parser->method = HTTP_PURGE;
} else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error;
}
} else if (parser->method == HTTP_UNLOCK) { } else if (parser->method == HTTP_UNLOCK) {
if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE; if (ch == 'S') {
parser->method = HTTP_UNSUBSCRIBE;
} else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error;
}
} else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error;
} }
} else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') { } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
parser->method = HTTP_PROPPATCH; parser->method = HTTP_PROPPATCH;

5
test.c
Unescape View File

@ -3119,7 +3119,10 @@ main (void)
test_simple("hello world", HPE_INVALID_METHOD); test_simple("hello world", HPE_INVALID_METHOD);
test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION); test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);
test_simple("GEM / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("PUN / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("PX / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("SA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);

Write Preview
Loading…
Cancel
Save