Further request method check strengthening.

Do not accept PUN/GEM methods as PUT/GET.
* Encountering them returns an error, `HPE_INVALID_METHOD` * Tests have been added.
2 changed files with 30 additions and 9 deletions
--- a/http_parser.c
+++ b/http_parser.c
@ -936,6 +936,7 @@ size_t http_parser_execute (http_parser *parser,
          } else if (parser->index == 2  && ch == 'P') {
            parser->method = HTTP_COPY;
          } else {
            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->method == HTTP_MKCOL) {
@ -948,12 +949,14 @@ size_t http_parser_execute (http_parser *parser,
          } else if (parser->index == 2 && ch == 'A') {
            parser->method = HTTP_MKACTIVITY;
          } else {
            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->method == HTTP_SUBSCRIBE) {
          if (parser->index == 1 && ch == 'E') {
            parser->method = HTTP_SEARCH;
          } else {
            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->index == 1 && parser->method == HTTP_POST) {
@ -964,13 +967,27 @@ size_t http_parser_execute (http_parser *parser,
          } else if (ch == 'A') {
            parser->method = HTTP_PATCH;
          } else {
            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->index == 2) {
          if (parser->method == HTTP_PUT) {
-            if (ch == 'R') parser->method = HTTP_PURGE;
+            if (ch == 'R') {
              parser->method = HTTP_PURGE;
            } else {
              SET_ERRNO(HPE_INVALID_METHOD);
              goto error;
            }
          } else if (parser->method == HTTP_UNLOCK) {
-            if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE;
+            if (ch == 'S') {
              parser->method = HTTP_UNSUBSCRIBE;
            } else {
              SET_ERRNO(HPE_INVALID_METHOD);
              goto error;
            }
          } else {
            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
          parser->method = HTTP_PROPPATCH;
--- a/test.c
+++ b/test.c
@ -3117,14 +3117,8 @@ main (void)
  /// REQUESTS
  test_simple("hello world", HPE_INVALID_METHOD);
  test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);
  test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
  test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
  test_simple("GETA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
  // Well-formed but incomplete
  test_simple("GET / HTTP/1.1\r\n"
              "Content-Type: text/plain\r\n"
@ -3167,13 +3161,23 @@ main (void)
  }
  static const char *bad_methods[] = {
      "ASDF",
      "C******",
      "COLA",
      "GEM",
      "GETA",
      "M****",
      "MKCOLA",
      "PROPPATCHA",
      "PUN",
      "PX",
      "SA",
      "hello world",
      0 };
  for (this_method = bad_methods; *this_method; this_method++) {
    char buf[200];
    sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
-    test_simple(buf, HPE_UNKNOWN);
+    test_simple(buf, HPE_INVALID_METHOD);
  }
  const char *dumbfuck2 =
Author	SHA1	Message	Date
Ben Noordhuis	303c4e46c4	Further request method check strengthening.	11 years ago
Chris Dickinson	ddfa1b3ee3	Do not accept PUN/GEM methods as PUT/GET. * Encountering them returns an error, `HPE_INVALID_METHOD` * Tests have been added.	11 years ago