author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-11-08 16:46:44 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2023-06-20 22:59:06 +0300 |
commit | bd605be2029d04d5014adccccfb1a9fa25beb1c3 (patch) | |
tree | c3deeff257fc90e27ef4aa57fa0259ca9b9cfcb7 /src/microhttpd/internal.h | |
parent | eaa3be77c3aa003103a389e19debd672cd20fb4c (diff) | |
Re-implemented parsing of the request line from scratch.
* New algorithm parses the request line in one pass, thus multiple passes
over the same memory area are avoided (efficiency for large URI should
be improved)
* Strict implementation of RFC 9110 and 9112 requirements, unacceptable
characters are replaced or treated as errors.
* Implemented various levels of strictness for requests interpretations:
three levels within RFC requirements (more strict and more secure; less
strict and more compatible with various clients; balanced (default)),
one more relaxed level with violation of RFC's SHOULD/SHOULD NOT,
one even more relaxed level with violation of MUST/MUST NOT,
one stricter level than required by RFC, but absolutely compatible with
clients following RFC's MUST/MUST NOT, and one more even stricter level
compatible with clients following both MUST/MUST NOT and
SHOULD/SHOULD NOT.
* Added more detailed responses for invalid requests with descriptions
of the found problems (as recommended by RFC).
* Limited number of empty lines skipped before the request (as
recommended by RFC).
* Implemented automatic redirection responses for requests targets
with forbidden characters (as recommended by RFC).
* In overall: increased flexibility, the security must be improved,
much better compliance with the standards.
Diffstat (limited to 'src/microhttpd/internal.h')
-rw-r--r-- | src/microhttpd/internal.h | 84 |
1 files changed, 82 insertions, 2 deletions
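--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -1,7 +1,7 @@
 /*
 This file is part of libmicrohttpd
 Copyright (C) 2007-2018 Daniel Pittman and Christian Grothoff
-Copyright (C) 2014-2021 Evgeny Grin (Karlson2k)
+Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
 
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
@@ -886,7 +886,7 @@ enum MHD_HTTP_Version
 /**
 * The HTTP method.
 *
-* Only primary methods (specified in RFC7231) are defined here.
+* Only primary methods (specified in RFC9110) are defined here.
 */
 enum MHD_HTTP_Method
 {
@@ -934,6 +934,76 @@ enum MHD_HTTP_Method
 
 
 /**
+* The request line processing data
+*/
+struct MHD_RequestLineProcessing
+{
+/**
+* The position of the next character to be processed
+*/
+size_t proc_pos;
+/**
+* The number of empty lines skipped
+*/
+unsigned int skipped_empty_lines;
+/**
+* The position of the start of the current/last found whitespace block,
+* zero if not found yet.
+*/
+size_t last_ws_start;
+/**
+* The position of the next character after the last known whitespace
+* character in the current/last found whitespace block,
+* zero if not found yet.
+*/
+size_t last_ws_end;
+/**
+* The pointer to the request target.
+* The request URI will be formed based on it.
+*/
+char *rq_tgt;
+/**
+* The length of the @a rq_tgt, not including terminating zero.
+*/
+size_t rq_tgt_len;
+/**
+* The pointer to the first question mark in the @a rq_tgt.
+*/
+char *rq_tgt_qmark;
+/**
+* The number of whitespace characters in the request URI
+*/
+size_t num_ws_in_uri;
+};
+
+/**
+* The request header processing data
+*/
+struct MHD_HeaderProcessing
+{
+/**
+* The position of the last processed character
+*/
+size_t proc_pos;
+};
+
+/**
+* The union of request line and header processing data
+*/
+union MHD_HeadersProcessing
+{
+/**
+* The request line processing data
+*/
+struct MHD_RequestLineProcessing rq_line;
+
+/**
+* The request header processing data
+*/
+struct MHD_HeaderProcessing hdr;
+};
+
+/**
 * Request-specific values.
 *
 * Meaningful for the current request only.
@@ -1074,6 +1144,16 @@ struct MHD_Request
 */
 bool dauth_tried;
 #endif /* DAUTH_SUPPORT */
+/**
+* Number of bare CR characters that were replaced with space characters
+* in the request line or in the headers (field lines).
+*/
+size_t num_cr_sp_replaced;
+
+/**
+* The data of the request line / request headers processing
+*/
+union MHD_HeadersProcessing hdrs;
 
 /**
 * Last incomplete header line during parsing of headers.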
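Review bot: In the third hunk, `struct MHD_RequestLineProcessing` stores `rq_tgt` and `rq_tgt_qmark` as raw pointers while its other cursors (`proc_pos`, `last_ws_start`, `last_ws_end`) are offsets, and the field comments do not say which buffer the pointers refer to or how long they remain valid. If the buffer holding the request line can be grown or moved while a long request target is still being parsed (not visible from this header), those pointers would be left dangling, so the contract belongs in the comments, e.g. `Points into the buffer holding the request line; NULL until the request target is found; must be updated if that buffer is relocated` and, for `rq_tgt_qmark`, `NULL if the request target has no question mark`. The new `union MHD_HeadersProcessing` would also benefit from a line stating which member is valid in which parsing state and that it is reset when parsing moves from the request line to the field lines. As written, `rq_line.proc_pos` is documented as the next character to process while `hdr.proc_pos` is the last processed one, which invites an off-by-one if the overlapping value is carried across that transition.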