diff options
author | Christian Grothoff <christian@grothoff.org> | 2017-04-24 17:30:26 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-04-24 17:30:26 +0200 |
commit | b57456c2e6536764ad7b065c70b999f876269a2c (patch) | |
tree | 02f8b5853232574015a910715a051621c178bdb4 | |
parent | e95ec4874da57b153ecea27fa553ae8a19b4a280 (diff) | |
download | libmicrohttpd-b57456c2e6536764ad7b065c70b999f876269a2c.tar.gz libmicrohttpd-b57456c2e6536764ad7b065c70b999f876269a2c.zip |
relax space-in-field-name checks only if new MHD_USE_PERMISSIVE_CHECKS flag is set
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | doc/libmicrohttpd.texi | 11 | ||||
-rw-r--r-- | src/include/microhttpd.h | 13 | ||||
-rw-r--r-- | src/microhttpd/connection.c | 2 |
4 files changed, 25 insertions, 5 deletions
@@ -1,3 +1,7 @@ | |||
1 | Mon Apr 24 17:29:45 CEST 2017 | ||
2 | Enforce RFC 7230's rule on no whitespace by default, | ||
3 | introduce new MHD_USE_PERMISSIVE_CHECKS to disable. -CG | ||
4 | |||
1 | Sun Apr 23 20:05:44 CEST 2017 | 5 | Sun Apr 23 20:05:44 CEST 2017 |
2 | Enforce RFC 7230's rule on no whitespace in HTTP header | 6 | Enforce RFC 7230's rule on no whitespace in HTTP header |
3 | field names if MHD_USE_PEDANTIC_CHECKS is set. -CG | 7 | field names if MHD_USE_PEDANTIC_CHECKS is set. -CG |
diff --git a/doc/libmicrohttpd.texi b/doc/libmicrohttpd.texi index 219a19af..7e95155b 100644 --- a/doc/libmicrohttpd.texi +++ b/doc/libmicrohttpd.texi | |||
@@ -12,7 +12,7 @@ This manual is for GNU libmicrohttpd | |||
12 | (version @value{VERSION}, @value{UPDATED}), a library for embedding | 12 | (version @value{VERSION}, @value{UPDATED}), a library for embedding |
13 | an HTTP(S) server into C applications. | 13 | an HTTP(S) server into C applications. |
14 | 14 | ||
15 | Copyright @copyright{} 2007--2016 Christian Grothoff | 15 | Copyright @copyright{} 2007--2017 Christian Grothoff |
16 | 16 | ||
17 | @quotation | 17 | @quotation |
18 | Permission is granted to copy, distribute and/or modify this document | 18 | Permission is granted to copy, distribute and/or modify this document |
@@ -496,7 +496,7 @@ that IPv4 addresses are returned by MHD in the IPv6-mapped format | |||
496 | (the 'struct sockaddr_in6' format will be used for IPv4 and IPv6). | 496 | (the 'struct sockaddr_in6' format will be used for IPv4 and IPv6). |
497 | 497 | ||
498 | @item MHD_USE_PEDANTIC_CHECKS | 498 | @item MHD_USE_PEDANTIC_CHECKS |
499 | Be pedantic about the protocol (as opposed to as tolerant as possible). | 499 | Be pedantic about the protocol. |
500 | Specifically, at the moment, this flag causes MHD to reject HTTP | 500 | Specifically, at the moment, this flag causes MHD to reject HTTP |
501 | 1.1 connections without a @code{Host} header. This is required by the | 501 | 1.1 connections without a @code{Host} header. This is required by the |
502 | standard, but of course in violation of the ``be as liberal as possible | 502 | standard, but of course in violation of the ``be as liberal as possible |
@@ -504,6 +504,13 @@ in what you accept'' norm. It is recommended to turn this @strong{ON} | |||
504 | if you are testing clients against MHD, and @strong{OFF} in | 504 | if you are testing clients against MHD, and @strong{OFF} in |
505 | production. | 505 | production. |
506 | 506 | ||
507 | @item MHD_USE_PERMISSIVE_CHECKS | ||
508 | Be permissive about the protocol, allowing slight deviations that are | ||
509 | technically not allowed by the RFC. Specifically, at the moment, this | ||
510 | flag causes MHD to allow spaces in header field names. This is | ||
511 | disallowed by the standard. | ||
512 | |||
513 | |||
507 | @item MHD_USE_POLL | 514 | @item MHD_USE_POLL |
508 | @cindex FD_SETSIZE | 515 | @cindex FD_SETSIZE |
509 | @cindex poll | 516 | @cindex poll |
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index d2aed65e..fcb617d8 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of libmicrohttpd | 2 | This file is part of libmicrohttpd |
3 | Copyright (C) 2006-2016 Christian Grothoff (and other contributing authors) | 3 | Copyright (C) 2006-2017 Christian Grothoff (and other contributing authors) |
4 | 4 | ||
5 | This library is free software; you can redistribute it and/or | 5 | This library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Lesser General Public | 6 | modify it under the terms of the GNU Lesser General Public |
@@ -1136,7 +1136,16 @@ enum MHD_FLAG | |||
1136 | * This is combination of #MHD_USE_AUTO and #MHD_USE_INTERNAL_POLLING_THREAD | 1136 | * This is combination of #MHD_USE_AUTO and #MHD_USE_INTERNAL_POLLING_THREAD |
1137 | * flags. | 1137 | * flags. |
1138 | */ | 1138 | */ |
1139 | MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD | 1139 | MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD, |
1140 | |||
1141 | /** | ||
1142 | * Be permissive about the protocol, allowing slight deviations that | ||
1143 | * are technically not allowed by the RFC. | ||
1144 | * Specifically, at the moment, this flag causes MHD to | ||
1145 | * allow spaces in header field names. This is | ||
1146 | * disallowed by the standard. | ||
1147 | */ | ||
1148 | MHD_USE_PERMISSIVE_CHECKS = 131072 | ||
1140 | 1149 | ||
1141 | }; | 1150 | }; |
1142 | 1151 | ||
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index cbac8447..7baee402 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -2213,7 +2213,7 @@ process_header_line (struct MHD_Connection *connection, | |||
2213 | _("Received malformed line (no colon). Closing connection.\n")); | 2213 | _("Received malformed line (no colon). Closing connection.\n")); |
2214 | return MHD_NO; | 2214 | return MHD_NO; |
2215 | } | 2215 | } |
2216 | if (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options)) | 2216 | if (0 == (MHD_USE_PERMISSIVE_CHECKS & connection->daemon->options)) |
2217 | { | 2217 | { |
2218 | /* check for whitespace before colon, which is not allowed | 2218 | /* check for whitespace before colon, which is not allowed |
2219 | by RFC 7230 section 3.2.4; we count space ' ' and | 2219 | by RFC 7230 section 3.2.4; we count space ' ' and |