relax space-in-field-name checks only if new MHD_USE_PERMISSIVE_CHECKS flag is set

4 files changed, 25 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index c4b8e52b..ba7061fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Apr 24 17:29:45 CEST 2017
+        Enforce RFC 7230's rule on no whitespace by default,
+        introduce new MHD_USE_PERMISSIVE_CHECKS to disable. -CG
+
 Sun Apr 23 20:05:44 CEST 2017
         Enforce RFC 7230's rule on no whitespace in HTTP header
         field names if MHD_USE_PEDANTIC_CHECKS is set. -CG
diff --git a/doc/libmicrohttpd.texi b/doc/libmicrohttpd.texi
index 219a19af..7e95155b 100644
--- a/doc/libmicrohttpd.texi
+++ b/doc/libmicrohttpd.texi
@@ -12,7 +12,7 @@ This manual is for GNU libmicrohttpd
 (version @value{VERSION}, @value{UPDATED}), a library for embedding
 an HTTP(S) server into C applications.
 
-Copyright @copyright{} 2007--2016 Christian Grothoff
+Copyright @copyright{} 2007--2017 Christian Grothoff
 
 @quotation
 Permission is granted to copy, distribute and/or modify this document
@@ -496,7 +496,7 @@ that IPv4 addresses are returned by MHD in the IPv6-mapped format
 (the 'struct sockaddr_in6' format will be used for IPv4 and IPv6).
 
 @item MHD_USE_PEDANTIC_CHECKS
-Be pedantic about the protocol (as opposed to as tolerant as possible).
+Be pedantic about the protocol.
 Specifically, at the moment, this flag causes MHD to reject HTTP
 1.1 connections without a @code{Host} header.  This is required by the
 standard, but of course in violation of the ``be as liberal as possible
@@ -504,6 +504,13 @@ in what you accept'' norm.  It is recommended to turn this @strong{ON}
 if you are testing clients against MHD, and @strong{OFF} in
 production.
 
+@item MHD_USE_PERMISSIVE_CHECKS
+Be permissive about the protocol, allowing slight deviations that are
+technically not allowed by the RFC.  Specifically, at the moment, this
+flag causes MHD to allow spaces in header field names.  This is
+disallowed by the standard.
+
+
 @item MHD_USE_POLL
 @cindex FD_SETSIZE
 @cindex poll
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index d2aed65e..fcb617d8 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -1,6 +1,6 @@
 /*
      This file is part of libmicrohttpd
-     Copyright (C) 2006-2016 Christian Grothoff (and other contributing authors)
+     Copyright (C) 2006-2017 Christian Grothoff (and other contributing authors)
 
      This library is free software; you can redistribute it and/or
      modify it under the terms of the GNU Lesser General Public
@@ -1136,7 +1136,16 @@ enum MHD_FLAG
    * This is combination of #MHD_USE_AUTO and #MHD_USE_INTERNAL_POLLING_THREAD
    * flags.
    */
-  MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD
+  MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD,
+
+  /**
+   * Be permissive about the protocol, allowing slight deviations that
+   * are technically not allowed by the RFC.
+   * Specifically, at the moment, this flag causes MHD to
+   * allow spaces in header field names.  This is
+   * disallowed by the standard.
+   */
+  MHD_USE_PERMISSIVE_CHECKS = 131072
 
 };
 
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index cbac8447..7baee402 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2213,7 +2213,7 @@ process_header_line (struct MHD_Connection *connection,
                               _("Received malformed line (no colon). Closing connection.\n"));
       return MHD_NO;
     }
-  if (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options))
+  if (0 == (MHD_USE_PERMISSIVE_CHECKS & connection->daemon->options))
     {
       /* check for whitespace before colon, which is not allowed
          by RFC 7230 section 3.2.4; we count space ' ' and