check that the method name is A-Z only and allow content for all method except GET and HEAD

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/post-upload-cleanup@162 152afb58-edef-0310-8abb-c4023f1b3aa9
author: jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9> 2005-03-16 13:55:45 +0000
committer: jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9> 2005-03-16 13:55:45 +0000
commit: e290b1cf9e7a2c62d3d2ff78aa20746bba2f93d0 (patch)
tree: 482b1c4e8934c465d38eb54c4474edc54226b5e3
parent: 6c24e8ebe0957e98a3d1d38e5e2a35a90553aa4d (diff)
download: lighttpd-e290b1cf9e7a2c62d3d2ff78aa20746bba2f93d0.tar.gz
1 files changed, 57 insertions, 36 deletions
diff --git a/src/request.c b/src/request.c
index 734060d9..b835c072 100644
--- a/src/request.c
+++ b/src/request.c
@@ -323,7 +323,7 @@ int http_request_parse(server *srv, connection *con) {
 	data_string *ds = NULL;
 	
 	/* 
-	 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$" 
+	 * Request: "^([A-Z]+) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$" 
 	 * Option : "^([-a-zA-Z]+): (.+)$"                    
 	 * End    : "^$"
 	 */
@@ -364,6 +364,7 @@ int http_request_parse(server *srv, connection *con) {
 			if (con->parse_request->ptr[i+1] == '\n') {
 				char *nuri = NULL;
 				size_t j;
+				char *c;
 				
 				/* \r\n -> \0\0 */
 				con->parse_request->ptr[i] = '\0';
@@ -394,6 +395,23 @@ int http_request_parse(server *srv, connection *con) {
 				con->request.http_method_id = get_http_method_key(method);
 				buffer_copy_string(con->request.http_method_name, method);
 				
+				/* method name is only [A-Z]+ */
+				for (c = con->request.http_method_name->ptr; *c; c++) {
+					if (*c < 'A' || *c > 'Z') {
+						con->http_status = 400;
+						con->response.keep_alive = 0;
+						con->keep_alive = 0;
+						
+						log_error_write(srv, __FILE__, __LINE__, "s", "illegal method-name -> 400");
+						if (srv->srvconf.log_request_header_on_error) {
+							log_error_write(srv, __FILE__, __LINE__, "Sb",
+									"request-header:\n",
+									con->request.request);
+						}
+						return 0;
+					}
+				}
+				
 				if (0 == strncmp(proto, "HTTP/1.", sizeof("HTTP/1.") - 1)) {
 					if (proto[7] == '1') {
 						con->request.http_version = con->conf.allow_http11 ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0;
@@ -961,15 +979,46 @@ int http_request_parse(server *srv, connection *con) {
 		return 0;
 	}
 	
-	/* check if we have read post data */
-	if (con->request.http_method_id == HTTP_METHOD_POST) {
+	/* GET and HEAD don't have a content-length */
+	if (con_length_set) {
 		server_socket *srv_socket = con->srv_socket;
-		if (con->request.http_content_type == NULL) {
-			log_error_write(srv, __FILE__, __LINE__, "s", 
-					"POST request, but content-type not set");
-		}
 		
-		if (con_length_set == 0) {
+		switch(con->request.http_method_id) {
+		case HTTP_METHOD_GET:
+		case HTTP_METHOD_HEAD:
+			break;
+		default:
+			/* don't handle more the SSIZE_MAX bytes in content-length */
+			if (con->request.content_length > SSIZE_MAX) {
+				con->http_status = 413; 
+				
+				log_error_write(srv, __FILE__, __LINE__, "sds", 
+						"request-size too long:", con->request.content_length, "-> 413");
+				return 0;
+			}
+			
+			/* divide by 1024 as srvconf.max_request_size is in kBytes */
+			if (srv_socket->max_request_size != 0 &&
+			    (con->request.content_length >> 10) > srv_socket->max_request_size) {
+				/* the request body itself is larger then 
+				 * our our max_request_size
+				 */
+				
+				con->http_status = 413;
+				
+				log_error_write(srv, __FILE__, __LINE__, "sds", 
+						"request-size too long:", con->request.content_length, "-> 413");
+				return 0;
+			}
+			
+			if (con->request.content_length != 0) {
+				/* we have to fetch the request-body */
+				con->request.content_finished = 0;
+			}
+			break;
+		}
+	} else {
+		if (con->request.http_method_id == HTTP_METHOD_POST) {
 			/* content-length is missing */
 			log_error_write(srv, __FILE__, __LINE__, "s", 
 					"POST-request, but content-length missing -> 411");
@@ -977,34 +1026,6 @@ int http_request_parse(server *srv, connection *con) {
 			con->http_status = 411;
 			return 0;
 		}
-		
-		/* don't handle more the SSIZE_MAX bytes in content-length */
-		if (con->request.content_length > SSIZE_MAX) {
-			con->http_status = 413; 
-
-			log_error_write(srv, __FILE__, __LINE__, "sds", 
-					"request-size too long:", con->request.content_length, "-> 413");
-			return 0;
-		}
-		
-		/* divide by 1024 as srvconf.max_request_size is in kBytes */
-		if (srv_socket->max_request_size != 0 &&
-		    (con->request.content_length >> 10) > srv_socket->max_request_size) {
-			/* the request body itself is larger then 
-			 * our our max_request_size
-			 */
-		
-			con->http_status = 413;
-		
-			log_error_write(srv, __FILE__, __LINE__, "sds", 
-					"request-size too long:", con->request.content_length, "-> 413");
-			return 0;
-		}
-		
-		if (con->request.content_length != 0) {
-			/* we have to fetch the request-body */
-			con->request.content_finished = 0;
-		}
 	}
 	
 	return 0;
author	jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9>	2005-03-16 13:55:45 +0000
committer	jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9>	2005-03-16 13:55:45 +0000
commit	e290b1cf9e7a2c62d3d2ff78aa20746bba2f93d0 (patch)
tree	482b1c4e8934c465d38eb54c4474edc54226b5e3
parent	6c24e8ebe0957e98a3d1d38e5e2a35a90553aa4d (diff)
download	lighttpd-e290b1cf9e7a2c62d3d2ff78aa20746bba2f93d0.tar.gz