commit fd283b002cae7cde31e12206a5456ea289adcc65
parent a27a11f20c7b82fd4480b8a1ca8605ff79fff494
Author: Christian Grothoff <christian@grothoff.org>
Date: Fri, 2 Mar 2018 22:21:28 +0100
fix spacy url check in strict mode
Diffstat:
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/examples/demo.c b/src/examples/demo.c
@@ -683,9 +683,9 @@ return_directory_response (struct MHD_Connection *connection)
* @param method GET, PUT, POST, etc.
* @param version HTTP version
* @param upload_data data from upload (PUT/POST)
- * @param upload_data_size number of bytes in "upload_data"
+ * @param upload_data_size number of bytes in @a upload_data
* @param ptr our context
- * @return MHD_YES on success, MHD_NO to drop connection
+ * @return #MHD_YES on success, #MHD_NO to drop connection
*/
static int
generate_page (void *cls,
@@ -700,8 +700,8 @@ generate_page (void *cls,
int ret;
int fd;
struct stat buf;
- (void)cls; /* Unused. Silent compiler warning. */
- (void)version; /* Unused. Silent compiler warning. */
+ (void) cls; /* Unused. Silent compiler warning. */
+ (void) version; /* Unused. Silent compiler warning. */
if (0 != strcmp (url, "/"))
{
diff --git a/src/lib/connection_call_handlers.c b/src/lib/connection_call_handlers.c
@@ -1750,6 +1750,7 @@ parse_initial_message_line (struct MHD_Request *request,
char *http_version;
char *args;
unsigned int unused_num_headers;
+ size_t url_end;
if (NULL == (uri = memchr (line,
' ',
@@ -1770,6 +1771,7 @@ parse_initial_message_line (struct MHD_Request *request,
uri = NULL;
request->version_s = "";
args = NULL;
+ url_end = line_len - (line - uri);
}
else
{
@@ -1799,11 +1801,12 @@ parse_initial_message_line (struct MHD_Request *request,
'?',
line_len - (uri - line));
}
+ url_end = http_version - uri;
}
if ( (MHD_PSL_STRICT == daemon->protocol_strict_level) &&
- (NULL != memchr (line,
+ (NULL != memchr (uri,
' ',
- http_version - line)) )
+ url_end)) )
{
/* space exists in URI and we are supposed to be strict, reject */
return MHD_NO;
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
@@ -2189,6 +2189,7 @@ parse_initial_message_line (struct MHD_Connection *connection,
char *http_version;
char *args;
unsigned int unused_num_headers;
+ size_t uri_len;
if (NULL == (uri = memchr (line,
' ',
@@ -2205,6 +2206,7 @@ parse_initial_message_line (struct MHD_Connection *connection,
if ((size_t)(uri - line) == line_len)
{
curi = "";
+ uri_len = 0;
uri = NULL;
connection->version = "";
args = NULL;
@@ -2237,11 +2239,12 @@ parse_initial_message_line (struct MHD_Connection *connection,
'?',
line_len - (uri - line));
}
+ uri_len = http_version - uri;
}
if ( (1 <= daemon->strict_for_client) &&
- (NULL != memchr (line,
+ (NULL != memchr (curi,
' ',
- http_version - line)) )
+ uri_len)) )
{
/* space exists in URI and we are supposed to be strict, reject */
return MHD_NO;
