aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2018-03-01 13:29:58 +0100
committerChristian Grothoff <christian@grothoff.org>2018-03-01 13:29:58 +0100
commit5717a9ec22d72d4d4202dfd3e1071ded9182e51e (patch)
treeb402e7e8c96ce7da14b7277aef48b6b1f8630bfd
parent785ae52b3e397baf21400512ef2b4641b4170049 (diff)
downloadlibmicrohttpd-5717a9ec22d72d4d4202dfd3e1071ded9182e51e.tar.gz
libmicrohttpd-5717a9ec22d72d4d4202dfd3e1071ded9182e51e.zip
expand strictness to cover spaces in URL
Diffstat
-rw-r--r--src/include/microhttpd.h20
-rw-r--r--src/lib/connection_call_handlers.c8
-rw-r--r--src/microhttpd/connection.c8
3 files changed, 28 insertions, 8 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 77bb000c..b4e436c2 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -1470,14 +1470,18 @@ enum MHD_OPTION
1470 MHD_OPTION_LISTEN_BACKLOG_SIZE = 28, 1470 MHD_OPTION_LISTEN_BACKLOG_SIZE = 28,
1471 1471
1472 /** 1472 /**
1473 * If set to 1 - be strict about the protocol (as opposed to as 1473 * If set to 1 - be strict about the protocol. Use -1 to be
1474 * tolerant as possible). Specifically, at the moment, this flag 1474 * as tolerant as possible.
1475 * causes MHD to reject HTTP 1.1 connections without a "Host" header. 1475 *
1476 * This is required by the standard, but of course in violation of 1476 * Specifically, at the moment, at 1 this flag
1477 * the "be as liberal as possible in what you accept" norm. It is 1477 * causes MHD to reject HTTP 1.1 connections without a "Host" header,
1478 * recommended to set this to 1 if you are testing clients against 1478 * and to disallow spaces in the URL or (at -1) in HTTP header key strings.
1479 * MHD, and 0 in production. 1479 *
1480 * This option should be followed by an `int` argument. 1480 * These are required by some versions of the standard, but of
1481 * course in violation of the "be as liberal as possible in what you
1482 * accept" norm. It is recommended to set this to 1 if you are
1483 * testing clients against MHD, and 0 in production. This option
1484 * should be followed by an `int` argument.
1481 */ 1485 */
1482 MHD_OPTION_STRICT_FOR_CLIENT = 29 1486 MHD_OPTION_STRICT_FOR_CLIENT = 29
1483}; 1487};
diff --git a/src/lib/connection_call_handlers.c b/src/lib/connection_call_handlers.c
index 17f32dae..cb82197c 100644
--- a/src/lib/connection_call_handlers.c
+++ b/src/lib/connection_call_handlers.c
@@ -1803,6 +1803,14 @@ parse_initial_message_line (struct MHD_Request *request,
1803 line_len - (uri - line)); 1803 line_len - (uri - line));
1804 } 1804 }
1805 } 1805 }
1806 if ( (1 <= daemon->strict_for_client) &&
1807 (NULL != memchr (line,
1808 ' ',
1809 http_version - line)) )
1810 {
1811 /* space exists in URI and we are supposed to be strict, reject */
1812 return MHD_NO;
1813 }
1806 if (NULL != daemon->early_uri_logger_cb) 1814 if (NULL != daemon->early_uri_logger_cb)
1807 { 1815 {
1808 request->client_context 1816 request->client_context
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 39253a9f..691aa427 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2241,6 +2241,14 @@ parse_initial_message_line (struct MHD_Connection *connection,
2241 line_len - (uri - line)); 2241 line_len - (uri - line));
2242 } 2242 }
2243 } 2243 }
2244 if ( (1 <= daemon->strict_for_client) &&
2245 (NULL != memchr (line,
2246 ' ',
2247 http_version - line)) )
2248 {
2249 /* space exists in URI and we are supposed to be strict, reject */
2250 return MHD_NO;
2251 }
2244 if (NULL != daemon->uri_log_callback) 2252 if (NULL != daemon->uri_log_callback)
2245 { 2253 {
2246 connection->client_aware = true; 2254 connection->client_aware = true;
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-11 23:18:45 +0000