commit b57456c2e6536764ad7b065c70b999f876269a2c
parent e95ec4874da57b153ecea27fa553ae8a19b4a280
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 24 Apr 2017 17:30:26 +0200
relax space-in-field-name checks only if new MHD_USE_PERMISSIVE_CHECKS flag is set
Diffstat:
4 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Apr 24 17:29:45 CEST 2017
+ Enforce RFC 7230's rule on no whitespace by default,
+ introduce new MHD_USE_PERMISSIVE_CHECKS to disable. -CG
+
Sun Apr 23 20:05:44 CEST 2017
Enforce RFC 7230's rule on no whitespace in HTTP header
field names if MHD_USE_PEDANTIC_CHECKS is set. -CG
diff --git a/doc/libmicrohttpd.texi b/doc/libmicrohttpd.texi
@@ -12,7 +12,7 @@ This manual is for GNU libmicrohttpd
(version @value{VERSION}, @value{UPDATED}), a library for embedding
an HTTP(S) server into C applications.
-Copyright @copyright{} 2007--2016 Christian Grothoff
+Copyright @copyright{} 2007--2017 Christian Grothoff
@quotation
Permission is granted to copy, distribute and/or modify this document
@@ -496,7 +496,7 @@ that IPv4 addresses are returned by MHD in the IPv6-mapped format
(the 'struct sockaddr_in6' format will be used for IPv4 and IPv6).
@item MHD_USE_PEDANTIC_CHECKS
-Be pedantic about the protocol (as opposed to as tolerant as possible).
+Be pedantic about the protocol.
Specifically, at the moment, this flag causes MHD to reject HTTP
1.1 connections without a @code{Host} header. This is required by the
standard, but of course in violation of the ``be as liberal as possible
@@ -504,6 +504,13 @@ in what you accept'' norm. It is recommended to turn this @strong{ON}
if you are testing clients against MHD, and @strong{OFF} in
production.
+@item MHD_USE_PERMISSIVE_CHECKS
+Be permissive about the protocol, allowing slight deviations that are
+technically not allowed by the RFC. Specifically, at the moment, this
+flag causes MHD to allow spaces in header field names. This is
+disallowed by the standard.
+
+
@item MHD_USE_POLL
@cindex FD_SETSIZE
@cindex poll
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -1,6 +1,6 @@
/*
This file is part of libmicrohttpd
- Copyright (C) 2006-2016 Christian Grothoff (and other contributing authors)
+ Copyright (C) 2006-2017 Christian Grothoff (and other contributing authors)
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -1136,7 +1136,16 @@ enum MHD_FLAG
* This is combination of #MHD_USE_AUTO and #MHD_USE_INTERNAL_POLLING_THREAD
* flags.
*/
- MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD
+ MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD,
+
+ /**
+ * Be permissive about the protocol, allowing slight deviations that
+ * are technically not allowed by the RFC.
+ * Specifically, at the moment, this flag causes MHD to
+ * allow spaces in header field names. This is
+ * disallowed by the standard.
+ */
+ MHD_USE_PERMISSIVE_CHECKS = 131072
};
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
@@ -2213,7 +2213,7 @@ process_header_line (struct MHD_Connection *connection,
_("Received malformed line (no colon). Closing connection.\n"));
return MHD_NO;
}
- if (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options))
+ if (0 == (MHD_USE_PERMISSIVE_CHECKS & connection->daemon->options))
{
/* check for whitespace before colon, which is not allowed
by RFC 7230 section 3.2.4; we count space ' ' and
