authorJo-Philipp Wich <jow@openwrt.org>2012-10-30 14:09:23 +0100
committerJo-Philipp Wich <jow@openwrt.org>2012-10-30 14:09:23 +0100
commite57bf6d8bfa465a50eea2c30269acdfe751a46fd (patch)
tree006bfbae0f826d68e0d1eefc9a70d9f4171555ca
parent610ed7cc236ff4cb08ace8df8ae0bede18bf38c5 (diff)
downloaduhttpd-e57bf6d8bfa465a50eea2c30269acdfe751a46fd.tar.gz
back out early if the first client socket read doesn't yield a valid HTTP method signature
-rw-r--r--uhttpd.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/uhttpd.c b/uhttpd.c
index 4b28a55..f9ac3db 100644
--- a/uhttpd.c
+++ b/uhttpd.c
@@ -376,6 +376,17 @@ static struct http_request * uh_http_header_parse(struct client *cl,
return NULL;
}
+static bool uh_http_header_check_method(const char *buf, ssize_t rlen)
+{
+ int i;
+
+ for (i = 0; i < sizeof(http_methods)/sizeof(http_methods[0]); i++)
+ if (!strncmp(buf, http_methods[i], min(rlen, strlen(http_methods[i]))))
+ return true;
+
+ return false;
+}
+
static struct http_request * uh_http_header_recv(struct client *cl)
{
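Review bot: `uh_http_header_check_method()` accepts any buffer when `rlen` is 0, because `strncmp()` with a length of 0 returns 0 and the first table entry then matches; the helper relies on the caller having already rejected `rlen <= 0`, which is not visible in this hunk. A guard at the top, `if (rlen <= 0) return false;`, makes the function safe on its own and keeps a negative `rlen` out of `min()`, where mixing `ssize_t` with the `size_t` from `strlen()` behaves differently depending on how the `min` macro is defined. The loop index should be `size_t i` to avoid the signed/unsigned comparison against the `sizeof` expression. A comment such as `/* prefix match only: a short first read may hold just part of the method */` would record that this is an early filter and not full method validation.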
@@ -399,6 +410,15 @@ static struct http_request * uh_http_header_recv(struct client *cl)
return NULL;
}
+ /* first read attempt, check for valid method signature */
+ if ((bufptr == cl->httpbuf.buf) &&
+ !uh_http_header_check_method(bufptr, rlen))
+ {
+ D("SRV: Client(%d) no valid HTTP method, abort\n", cl->fd.fd);
+ uh_http_response(cl, 400, "Bad Request");
+ return NULL;
+ }
+
blen -= rlen;
bufptr += rlen;
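Review bot: The new check in `uh_http_header_recv()` looks only at the bytes returned by the first read, so a peer whose first segment is a single byte such as `G` passes, and the rest of the request line has to be validated by the header parser, which is outside this hunk. If that is the case, the comment should say so, e.g. `/* first read only: cheap filter for non-HTTP peers, the request line is still validated by the header parser */`. The rejection is reported only through `D()`, which looks like a debug-only macro, so a counter or a log line at normal verbosity would make repeated non-HTTP traffic on the port visible to an operator. The function body starts and continues outside the hunk.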
@@ -553,6 +573,7 @@ static void uh_listener_cb(struct uloop_fd *u, unsigned int events)
D("SRV: Client(%d) SSL handshake failed, drop\n", new_fd);
/* remove from global client list */
+ uh_http_response(cl, 400, "Bad Request");
uh_client_remove(cl);
return;
}
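Review bot: `uh_http_response(cl, 400, "Bad Request")` is now called on a connection whose TLS handshake has just failed, and whether that is safe depends on how `uh_http_response()` writes, which this hunk does not show. If it sends through the TLS session, it operates on a context that never finished negotiating; if it sends in the clear, the reply is plaintext on a TLS port, which is presumably the intent and is worth stating in a comment such as `/* handshake failed: answer in clear text in case the peer spoke plain HTTP */`. The new call also sits between the existing `/* remove from global client list */` comment and `uh_client_remove(cl)`, so that comment now labels the wrong statement; the added line should move above it. The callback body starts and ends outside the hunk.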