diff options
author | jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2005-03-16 13:55:45 +0000 |
---|---|---|
committer | jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2005-03-16 13:55:45 +0000 |
commit | e290b1cf9e7a2c62d3d2ff78aa20746bba2f93d0 (patch) | |
tree | 482b1c4e8934c465d38eb54c4474edc54226b5e3 | |
parent | 6c24e8ebe0957e98a3d1d38e5e2a35a90553aa4d (diff) | |
download | lighttpd-e290b1cf9e7a2c62d3d2ff78aa20746bba2f93d0.tar.gz |
check that the method name is A-Z only and allow content for all method except GET and HEAD
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/post-upload-cleanup@162 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | src/request.c | 93 |
1 files changed, 57 insertions, 36 deletions
diff --git a/src/request.c b/src/request.c index 734060d9..b835c072 100644 --- a/src/request.c +++ b/src/request.c @@ -323,7 +323,7 @@ int http_request_parse(server *srv, connection *con) { data_string *ds = NULL; /* - * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$" + * Request: "^([A-Z]+) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$" * Option : "^([-a-zA-Z]+): (.+)$" * End : "^$" */ @@ -364,6 +364,7 @@ int http_request_parse(server *srv, connection *con) { if (con->parse_request->ptr[i+1] == '\n') { char *nuri = NULL; size_t j; + char *c; /* \r\n -> \0\0 */ con->parse_request->ptr[i] = '\0'; @@ -394,6 +395,23 @@ int http_request_parse(server *srv, connection *con) { con->request.http_method_id = get_http_method_key(method); buffer_copy_string(con->request.http_method_name, method); + /* method name is only [A-Z]+ */ + for (c = con->request.http_method_name->ptr; *c; c++) { + if (*c < 'A' || *c > 'Z') { + con->http_status = 400; + con->response.keep_alive = 0; + con->keep_alive = 0; + + log_error_write(srv, __FILE__, __LINE__, "s", "illegal method-name -> 400"); + if (srv->srvconf.log_request_header_on_error) { + log_error_write(srv, __FILE__, __LINE__, "Sb", + "request-header:\n", + con->request.request); + } + return 0; + } + } + if (0 == strncmp(proto, "HTTP/1.", sizeof("HTTP/1.") - 1)) { if (proto[7] == '1') { con->request.http_version = con->conf.allow_http11 ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0; @@ -961,15 +979,46 @@ int http_request_parse(server *srv, connection *con) { return 0; } - /* check if we have read post data */ - if (con->request.http_method_id == HTTP_METHOD_POST) { + /* GET and HEAD don't have a content-length */ + if (con_length_set) { server_socket *srv_socket = con->srv_socket; - if (con->request.http_content_type == NULL) { - log_error_write(srv, __FILE__, __LINE__, "s", - "POST request, but content-type not set"); - } - if (con_length_set == 0) { + switch(con->request.http_method_id) { + case HTTP_METHOD_GET: + case HTTP_METHOD_HEAD: + break; + default: + /* don't handle more the SSIZE_MAX bytes in content-length */ + if (con->request.content_length > SSIZE_MAX) { + con->http_status = 413; + + log_error_write(srv, __FILE__, __LINE__, "sds", + "request-size too long:", con->request.content_length, "-> 413"); + return 0; + } + + /* divide by 1024 as srvconf.max_request_size is in kBytes */ + if (srv_socket->max_request_size != 0 && + (con->request.content_length >> 10) > srv_socket->max_request_size) { + /* the request body itself is larger then + * our our max_request_size + */ + + con->http_status = 413; + + log_error_write(srv, __FILE__, __LINE__, "sds", + "request-size too long:", con->request.content_length, "-> 413"); + return 0; + } + + if (con->request.content_length != 0) { + /* we have to fetch the request-body */ + con->request.content_finished = 0; + } + break; + } + } else { + if (con->request.http_method_id == HTTP_METHOD_POST) { /* content-length is missing */ log_error_write(srv, __FILE__, __LINE__, "s", "POST-request, but content-length missing -> 411"); @@ -977,34 +1026,6 @@ int http_request_parse(server *srv, connection *con) { con->http_status = 411; return 0; } - - /* don't handle more the SSIZE_MAX bytes in content-length */ - if (con->request.content_length > SSIZE_MAX) { - con->http_status = 413; - - log_error_write(srv, __FILE__, __LINE__, "sds", - "request-size too long:", con->request.content_length, "-> 413"); - return 0; - } - - /* divide by 1024 as srvconf.max_request_size is in kBytes */ - if (srv_socket->max_request_size != 0 && - (con->request.content_length >> 10) > srv_socket->max_request_size) { - /* the request body itself is larger then - * our our max_request_size - */ - - con->http_status = 413; - - log_error_write(srv, __FILE__, __LINE__, "sds", - "request-size too long:", con->request.content_length, "-> 413"); - return 0; - } - - if (con->request.content_length != 0) { - /* we have to fetch the request-body */ - con->request.content_finished = 0; - } } return 0; |