Re-implemented parsing of the request line from scratch.

* New algorithm parse the request line in one pass thus multiple passes over the same memory area are avoided (efficiency for large URI should be improved) * Strict implementation of RFC 9110 and 9112 requirements, unacceptable characters are replaced or threaded as errors. * Implemented various levels of strictness for requests interpretations: three levels within RFC requirements (more strict and more secure; less strict and more compatible with various clients; balanced (default)), one more relaxed level with violation of RFC's SHOULD/SHOULD NOT, one even more relaxed level with violation of MUST/MUST NOT, one stricter level then required by RFC, but absolutely compatible with clients following RFC's MUST/MUST NOT, and one more even stricter level compatible with clients following both MUST/MUST NOT and SHOULD/SHOULD NOT. * Added more detailed responses for invalid requests with descriptions of the found problems (as recommended by RFC). * Limited number of empty lines skipped before the request (as recommended by RFC). * Implemented automatic redirection responses for requests targets with forbidden characters (as recommended by RFC). * In overall: increased flexibility, the security must be improved, much better compliance with the standards.
author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-11-08 16:46:44 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2023-06-20 22:59:06 +0300
commit: bd605be2029d04d5014adccccfb1a9fa25beb1c3 (patch)
tree: c3deeff257fc90e27ef4aa57fa0259ca9b9cfcb7 /src/microhttpd/internal.h
parent: eaa3be77c3aa003103a389e19debd672cd20fb4c (diff)
download: libmicrohttpd-bd605be2029d04d5014adccccfb1a9fa25beb1c3.tar.gz
libmicrohttpd-bd605be2029d04d5014adccccfb1a9fa25beb1c3.zip
1 files changed, 82 insertions, 2 deletions
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 9f5ed442..53f71a5f 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -1,7 +1,7 @@
 /*
  This file is part of libmicrohttpd
  Copyright (C) 2007-2018 Daniel Pittman and Christian Grothoff
-  Copyright (C) 2014-2021 Evgeny Grin (Karlson2k)
+  Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
  This library is free software; you can redistribute it and/or
  modify it under the terms of the GNU Lesser General Public
@@ -886,7 +886,7 @@ enum MHD_HTTP_Version
 /**
 * The HTTP method.
 *
- * Only primary methods (specified in RFC7231) are defined here.
+ * Only primary methods (specified in RFC9110) are defined here.
 */
 enum MHD_HTTP_Method
 {
@@ -934,6 +934,76 @@ enum MHD_HTTP_Method
 /**
+ * The request line processing data
+ */
+struct MHD_RequestLineProcessing
+{
+  /**
+   * The position of the next character to be processed
+   */
+  size_t proc_pos;
+  /**
+   * The number of empty lines skipped
+   */
+  unsigned int skipped_empty_lines;
+  /**
+   * The position of the start of the current/last found whitespace block,
+   * zero if not found yet.
+   */
+  size_t last_ws_start;
+  /**
+   * The position of the next character after the last known whitespace
+   * character in the current/last found whitespace block,
+   * zero if not found yet.
+   */
+  size_t last_ws_end;
+  /**
+   * The pointer to the request target.
+   * The request URI will be formed based on it.
+   */
+  char *rq_tgt;
+  /**
+   * The length of the @a rq_tgt, not including terminating zero.
+   */
+  size_t rq_tgt_len;
+  /**
+   * The pointer to the first question mark in the @a rq_tgt.
+   */
+  char *rq_tgt_qmark;
+  /**
+   * The number of whitespace characters in the request URI
+   */
+  size_t num_ws_in_uri;
+};
+/**
+ * The request header processing data
+ */
+struct MHD_HeaderProcessing
+{
+  /**
+   * The position of the last processed character
+   */
+  size_t proc_pos;
+};
+/**
+ * The union of request line and header processing data
+ */
+union MHD_HeadersProcessing
+{
+  /**
+   * The request line processing data
+   */
+  struct MHD_RequestLineProcessing rq_line;
+  /**
+   * The request header processing data
+   */
+  struct MHD_HeaderProcessing hdr;
+};
+/**
 * Request-specific values.
 *
 * Meaningful for the current request only.
@@ -1074,6 +1144,16 @@ struct MHD_Request
   */
  bool dauth_tried;
 #endif /* DAUTH_SUPPORT */
+  /**
+   * Number of bare CR characters that were replaced with space characters
+   * in the request line or in the headers (field lines).
+   */
+  size_t num_cr_sp_replaced;
+  /**
+   * The data of the request line / request headers processing
+   */
+  union MHD_HeadersProcessing hdrs;
  /**
   * Last incomplete header line during parsing of headers.
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-11-08 16:46:44 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2023-06-20 22:59:06 +0300
commit	bd605be2029d04d5014adccccfb1a9fa25beb1c3 (patch)
tree	c3deeff257fc90e27ef4aa57fa0259ca9b9cfcb7 /src/microhttpd/internal.h
parent	eaa3be77c3aa003103a389e19debd672cd20fb4c (diff)
download	libmicrohttpd-bd605be2029d04d5014adccccfb1a9fa25beb1c3.tar.gz libmicrohttpd-bd605be2029d04d5014adccccfb1a9fa25beb1c3.zip

diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h index 9f5ed442..53f71a5f 100644 --- a/src/microhttpd/internal.h +++ b/src/microhttpd/internal.h
@@ -1,7 +1,7 @@
1	/*	1	/*
2	This file is part of libmicrohttpd	2	This file is part of libmicrohttpd
3	Copyright (C) 2007-2018 Daniel Pittman and Christian Grothoff	3	Copyright (C) 2007-2018 Daniel Pittman and Christian Grothoff
4	Copyright (C) 2014-2021 Evgeny Grin (Karlson2k)	4	Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
5		5
6	This library is free software; you can redistribute it and/or	6	This library is free software; you can redistribute it and/or
7	modify it under the terms of the GNU Lesser General Public	7	modify it under the terms of the GNU Lesser General Public
@@ -886,7 +886,7 @@ enum MHD_HTTP_Version
886	/**	886	/**
887	* The HTTP method.	887	* The HTTP method.
888	*	888	*
889	* Only primary methods (specified in RFC7231) are defined here.	889	* Only primary methods (specified in RFC9110) are defined here.
890	*/	890	*/
891	enum MHD_HTTP_Method	891	enum MHD_HTTP_Method
892	{	892	{
@@ -934,6 +934,76 @@ enum MHD_HTTP_Method
934		934
935		935
936	/**	936	/**
		937	* The request line processing data
		938	*/
		939	struct MHD_RequestLineProcessing
		940	{
		941	/**
		942	* The position of the next character to be processed
		943	*/
		944	size_t proc_pos;
		945	/**
		946	* The number of empty lines skipped
		947	*/
		948	unsigned int skipped_empty_lines;
		949	/**
		950	* The position of the start of the current/last found whitespace block,
		951	* zero if not found yet.
		952	*/
		953	size_t last_ws_start;
		954	/**
		955	* The position of the next character after the last known whitespace
		956	* character in the current/last found whitespace block,
		957	* zero if not found yet.
		958	*/
		959	size_t last_ws_end;
		960	/**
		961	* The pointer to the request target.
		962	* The request URI will be formed based on it.
		963	*/
		964	char *rq_tgt;
		965	/**
		966	* The length of the @a rq_tgt, not including terminating zero.
		967	*/
		968	size_t rq_tgt_len;
		969	/**
		970	* The pointer to the first question mark in the @a rq_tgt.
		971	*/
		972	char *rq_tgt_qmark;
		973	/**
		974	* The number of whitespace characters in the request URI
		975	*/
		976	size_t num_ws_in_uri;
		977	};
		978
		979	/**
		980	* The request header processing data
		981	*/
		982	struct MHD_HeaderProcessing
		983	{
		984	/**
		985	* The position of the last processed character
		986	*/
		987	size_t proc_pos;
		988	};
		989
		990	/**
		991	* The union of request line and header processing data
		992	*/
		993	union MHD_HeadersProcessing
		994	{
		995	/**
		996	* The request line processing data
		997	*/
		998	struct MHD_RequestLineProcessing rq_line;
		999
		1000	/**
		1001	* The request header processing data
		1002	*/
		1003	struct MHD_HeaderProcessing hdr;
		1004	};
		1005
		1006	/**
937	* Request-specific values.	1007	* Request-specific values.
938	*	1008	*
939	* Meaningful for the current request only.	1009	* Meaningful for the current request only.
@@ -1074,6 +1144,16 @@ struct MHD_Request
1074	*/	1144	*/
1075	bool dauth_tried;	1145	bool dauth_tried;
1076	#endif /* DAUTH_SUPPORT */	1146	#endif /* DAUTH_SUPPORT */
		1147	/**
		1148	* Number of bare CR characters that were replaced with space characters
		1149	* in the request line or in the headers (field lines).
		1150	*/
		1151	size_t num_cr_sp_replaced;
		1152
		1153	/**
		1154	* The data of the request line / request headers processing
		1155	*/
		1156	union MHD_HeadersProcessing hdrs;
1077		1157
1078	/**	1158	/**
1079	* Last incomplete header line during parsing of headers.	1159	* Last incomplete header line during parsing of headers.