libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit cad66b87b8dfce1cca5f0562e7653a9b8967cfce
parent 921b183abf68f49476fc3f4e597f5949dcc5e62d
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Mon, 18 Sep 2023 19:48:26 +0300

Detect error earlier if request HTTP version is bad

Diffstat:

Msrc/microhttpd/connection.c | 15+++++++++++++++


1 file changed, 15 insertions(+), 0 deletions(-)

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
@@ -4909,7 +4909,22 @@ get_request_line (struct MHD_Connection *c)
   const bool wsp_in_uri_keep = (-2 >= discp_lvl);
 
   if (! get_request_line_inner (c))
+  {
+    /* End of the request line has not been found yet */
+    mhd_assert ((! wsp_in_uri) || NULL == c->rq.version);
+    if ((NULL != c->rq.version) &&
+        (HTTP_VER_LEN <
+         (c->rq.hdrs.rq_line.proc_pos
+          - (size_t) (c->rq.version - c->read_buffer))))
+    {
+      c->rq.http_ver = MHD_HTTP_VER_INVALID;
+      transmit_error_response_static (c,
+                                      MHD_HTTP_BAD_REQUEST,
+                                      REQUEST_MALFORMED);
+      return true; /* Error in the request */
+    }
     return false;
+  }
   if (MHD_CONNECTION_REQ_LINE_RECEIVING < c->state)
     return true; /* Error in the request */