authorGlenn Strauss <gstrauss@gluelogic.com>2022-03-28 17:57:29 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2022-03-29 02:04:24 -0400
commit772919f93446acc853d004af8971557035af0d0d (patch)
tree09738a5008c8c11dfd13a7ad9e993c58d6a16721
parentaea4a18098866d6d6ef281cd6f3de10b9d522c7a (diff)
downloadlighttpd-git-772919f93446acc853d004af8971557035af0d0d.tar.gz
[core] stricter conformance w/ upcoming HTTP/2 rev
stricter conformance with upcoming HTTP and HTTP/2 RFC revisions
-rw-r--r--src/request.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/request.c b/src/request.c
index 09ad010e..976201bc 100644
--- a/src/request.c
+++ b/src/request.c
@@ -48,6 +48,7 @@ __attribute_pure__
static const char * http_request_check_line_minimal (const char * const restrict s, const uint_fast32_t len) {
for (uint_fast32_t i = 0; i < len; ++i) {
if (__builtin_expect( (s[i] == '\0'), 0)) return s+i;
+ if (__builtin_expect( (s[i] == '\r'), 0)) return s+i;
if (__builtin_expect( (s[i] == '\n'), 0)) return s+i;
}
return NULL;
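Review bot: The byte checks in http_request_check_line_minimal carry no comment saying why these bytes are rejected, and the added `'\r'` test narrows what the function accepts: a CR anywhere in the span now returns a pointer to it, including a bare CR not followed by LF. A one-line comment above the loop would record the contract, e.g. `/* reject NUL, CR, LF anywhere in s; returns ptr to first offending byte, else NULL */`. The callers are outside this hunk, so it is worth confirming that none of them passes a span that still includes the line's own terminating CR. The function's closing brace is also outside the hunk.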
@@ -596,9 +597,9 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
/* Note: k and v might not be '\0' terminated strings;
* care must be taken to avoid libc funcs which expect z-strings */
const char * const restrict k = hpctx->k;
- const char * const restrict v = hpctx->v;
+ const char * restrict v = hpctx->v;
const uint32_t klen = hpctx->klen;
- const uint32_t vlen = hpctx->vlen;
+ uint32_t vlen = hpctx->vlen;
if (0 == klen)
return http_request_header_line_invalid(r, 400,
@@ -744,6 +745,16 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
return http_request_header_char_invalid(r, *x,
"invalid character in header -> 400");
+ /* remove leading and trailing whitespace (strict RFC conformance)*/
+ if (__builtin_expect( (*v <= 0x20), 0)) {
+ while ((*v == ' ' || *v == '\t') && (++v, --vlen)) ;
+ if (0 == vlen)
+ return 0;
+ }
+ if (__builtin_expect( (v[vlen-1] <= 0x20), 0)) {
+ while (v[vlen-1] == ' ' || v[vlen-1] == '\t') --vlen;
+ }
+
if (__builtin_expect( (hpctx->id == HTTP_HEADER_H2_UNKNOWN), 0)) {
uint32_t j = 0;
while (j < klen && (light_islower(k[j]) || k[j] == '-'))
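Review bot: The new trimming block reads `*v` and `v[vlen-1]` with no check in this hunk that `vlen` is non-zero. `vlen` is a `uint32_t`, so for an empty value `vlen-1` wraps to a very large index and `--vlen` in the first loop wraps past zero. Either would read outside a buffer that, per the comment at the top of the function, may not be '\0'-terminated. If an earlier check outside this hunk already guarantees `vlen > 0` here, a comment stating that invariant above the block is enough, e.g. `/* vlen != 0 here; v[0] and v[vlen-1] are readable */`. Otherwise add `if (0 == vlen) return 0;` before the first test. http_request_parse_header starts and ends outside the hunk, so the earlier checks are not visible from here.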