aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvgeny Grin (Karlson2k) <k2k@narod.ru>2021-10-17 16:21:04 +0300
committerEvgeny Grin (Karlson2k) <k2k@narod.ru>2021-10-17 16:21:04 +0300
commit4ad019fd53931ae2346e894afaa469bafdb23d15 (patch)
tree56b41b2fb837da588617ca92af66198a9c4665b1
parent0c39b804357b2572b323f63d8be0d6a0517b46c9 (diff)
downloadlibmicrohttpd-4ad019fd53931ae2346e894afaa469bafdb23d15.tar.gz
libmicrohttpd-4ad019fd53931ae2346e894afaa469bafdb23d15.zip
Fixed parsing of bare CR as end-of-line in HTTP headers
-rw-r--r--src/microhttpd/connection.c74
1 files changed, 43 insertions, 31 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 0143986e..53e3b9ec 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2549,42 +2549,54 @@ get_next_header_line (struct MHD_Connection *connection,
2549 return NULL; 2549 return NULL;
2550 pos = 0; 2550 pos = 0;
2551 rbuf = connection->read_buffer; 2551 rbuf = connection->read_buffer;
2552 while ( (pos < connection->read_buffer_offset - 1) && 2552 mhd_assert (NULL != rbuf);
2553 ('\r' != rbuf[pos]) && 2553
2554 ('\n' != rbuf[pos]) ) 2554 do
2555 pos++;
2556 if ( (pos == connection->read_buffer_offset - 1) &&
2557 ('\n' != rbuf[pos]) )
2558 { 2555 {
2559 /* not found, consider growing... */ 2556 const char c = rbuf[pos];
2560 if ( (connection->read_buffer_offset == connection->read_buffer_size) && 2557 bool found;
2561 (! try_grow_read_buffer (connection, true)) ) 2558 found = false;
2559 if ( ('\r' == c) && (pos < connection->read_buffer_offset - 1) &&
2560 ('\n' == rbuf[pos + 1]) )
2561 { /* Found CRLF */
2562 found = true;
2563 if (line_len)
2564 *line_len = pos;
2565 rbuf[pos++] = 0; /* Replace CR with zero */
2566 rbuf[pos++] = 0; /* Replace LF with zero */
2567 }
2568 else if ('\n' == c) /* TODO: Add MHD option to disallow */
2569 { /* Found bare LF */
2570 found = true;
2571 if (line_len)
2572 *line_len = pos;
2573 rbuf[pos++] = 0; /* Replace LF with zero */
2574 }
2575 if (found)
2562 { 2576 {
2563 if (NULL != connection->url) 2577 connection->read_buffer += pos;
2564 transmit_error_response_static (connection, 2578 connection->read_buffer_size -= pos;
2565 MHD_HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE, 2579 connection->read_buffer_offset -= pos;
2566 REQUEST_TOO_BIG); 2580 return rbuf;
2567 else
2568 transmit_error_response_static (connection,
2569 MHD_HTTP_URI_TOO_LONG,
2570 REQUEST_TOO_BIG);
2571 } 2581 }
2572 if (line_len) 2582 } while (++pos < connection->read_buffer_offset);
2573 *line_len = 0;
2574 return NULL;
2575 }
2576 2583
2584 /* not found, consider growing... */
2585 if ( (connection->read_buffer_offset == connection->read_buffer_size) &&
2586 (! try_grow_read_buffer (connection, true)) )
2587 {
2588 if (NULL != connection->url)
2589 transmit_error_response_static (connection,
2590 MHD_HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE,
2591 REQUEST_TOO_BIG);
2592 else
2593 transmit_error_response_static (connection,
2594 MHD_HTTP_URI_TOO_LONG,
2595 REQUEST_TOO_BIG);
2596 }
2577 if (line_len) 2597 if (line_len)
2578 *line_len = pos; 2598 *line_len = 0;
2579 /* found, check if we have proper CRLF */ 2599 return NULL;
2580 if ( ('\r' == rbuf[pos]) &&
2581 ('\n' == rbuf[pos + 1]) )
2582 rbuf[pos++] = '\0'; /* skip CR if any */
2583 rbuf[pos++] = '\0'; /* skip LF */
2584 connection->read_buffer += pos;
2585 connection->read_buffer_size -= pos;
2586 connection->read_buffer_offset -= pos;
2587 return rbuf;
2588} 2600}
2589 2601
2590 2602