author | Jo-Philipp Wich <jow@openwrt.org> | 2012-10-30 14:09:23 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2012-10-30 14:09:23 +0100 |
commit | e57bf6d8bfa465a50eea2c30269acdfe751a46fd (patch) | |
tree | 006bfbae0f826d68e0d1eefc9a70d9f4171555ca | |
parent | 610ed7cc236ff4cb08ace8df8ae0bede18bf38c5 (diff) | |
download | uhttpd-e57bf6d8bfa465a50eea2c30269acdfe751a46fd.tar.gz |
back out early if the first client socket read doesn't yield a valid HTTP method signature
-rw-r--r-- | uhttpd.c | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -376,6 +376,17 @@ static struct http_request * uh_http_header_parse(struct client *cl,
 return NULL;
 }
+static bool uh_http_header_check_method(const char *buf, ssize_t rlen)
+{
+ int i;
+
+ for (i = 0; i < sizeof(http_methods)/sizeof(http_methods[0]); i++)
+ if (!strncmp(buf, http_methods[i], min(rlen, strlen(http_methods[i]))))
+ return true;
+
+ return false;
+}
+
 static struct http_request * uh_http_header_recv(struct client *cl)
 {
@@ -399,6 +410,15 @@ static struct http_request * uh_http_header_recv(struct client *cl)
 return NULL;
 }
+ /* first read attempt, check for valid method signature */
+ if ((bufptr == cl->httpbuf.buf) &&
+ !uh_http_header_check_method(bufptr, rlen))
+ {
+ D("SRV: Client(%d) no valid HTTP method, abort\n", cl->fd.fd);
+ uh_http_response(cl, 400, "Bad Request");
+ return NULL;
+ }
+
 blen -= rlen;
 bufptr += rlen;
@@ -553,6 +573,7 @@ static void uh_listener_cb(struct uloop_fd *u, unsigned int events)
 D("SRV: Client(%d) SSL handshake failed, drop\n", new_fd);
 /* remove from global client list */
+ uh_http_response(cl, 400, "Bad Request");
 uh_client_remove(cl);
 return;
 } |
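Review bot: `uh_http_header_check_method()` returns true whenever `rlen` is 0, because `strncmp()` with a length of 0 compares nothing and reports equality on the first table entry. Whether the caller can reach it with `rlen <= 0` is not visible in this hunk, so the helper should reject that case itself with `if (rlen <= 0) return false;` before the loop. The loop also compares a signed `int i` against a `size_t` element count and mixes `ssize_t` with `size_t` inside `min()`; declaring `size_t i` and converting `rlen` once after the guard keeps both comparisons well defined. A short comment noting that this is a prefix match only (the byte after the method name is not checked) would document the limit of the check.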
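Review bot: The early-out added to `uh_http_header_recv()` is a fast reject rather than method validation: it runs only while `bufptr == cl->httpbuf.buf`, and the helper accepts a first read as short as one matching byte, after which later reads are never re-checked. The comment should say so, for example `/* first read only: cheap reject of non-HTTP peers; the header parser must still validate the method */`, so the check is not later mistaken for the enforcement point. It also appears that every rejected peer gets a 400 response written before the function returns; confirm that this write cannot stall on a peer that is not reading. The function body starts and ends outside the hunk.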
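Review bot: In `uh_listener_cb()` the added `uh_http_response(cl, 400, "Bad Request");` writes to a client whose SSL handshake has just failed, and the hunk does not show whether that write goes to the raw socket or through the failed TLS state of `cl`. If the intent is to answer peers that speak plain HTTP to the TLS port, state that in a comment such as `/* handshake failed: best-effort 400 for peers speaking plain HTTP on the TLS port */` and confirm that `uh_http_response()` is safe to call at this point. The new line also landed between `/* remove from global client list */` and the `uh_client_remove(cl);` it describes; placing the call above that comment keeps the comment accurate. The enclosing block starts outside the hunk.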