diff options
| author | Christian Grothoff <christian@grothoff.org> | 2018-03-02 22:21:28 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2018-03-02 22:21:28 +0100 |
| commit | fd283b002cae7cde31e12206a5456ea289adcc65 (patch) | |
| tree | 39c903519147bfb71186ba50b6866448b09dc5fa /src | |
| parent | a27a11f20c7b82fd4480b8a1ca8605ff79fff494 (diff) | |
| download | libmicrohttpd-fd283b002cae7cde31e12206a5456ea289adcc65.tar.gz libmicrohttpd-fd283b002cae7cde31e12206a5456ea289adcc65.zip | |
fix spacy url check in strict mode
Diffstat (limited to 'src')
| -rw-r--r-- | src/examples/demo.c | 8 | ||||
| -rw-r--r-- | src/lib/connection_call_handlers.c | 7 | ||||
| -rw-r--r-- | src/microhttpd/connection.c | 7 |
3 files changed, 14 insertions, 8 deletions
diff --git a/src/examples/demo.c b/src/examples/demo.c index 858fb735..4e89c4e3 100644 --- a/src/examples/demo.c +++ b/src/examples/demo.c | |||
| @@ -683,9 +683,9 @@ return_directory_response (struct MHD_Connection *connection) | |||
| 683 | * @param method GET, PUT, POST, etc. | 683 | * @param method GET, PUT, POST, etc. |
| 684 | * @param version HTTP version | 684 | * @param version HTTP version |
| 685 | * @param upload_data data from upload (PUT/POST) | 685 | * @param upload_data data from upload (PUT/POST) |
| 686 | * @param upload_data_size number of bytes in "upload_data" | 686 | * @param upload_data_size number of bytes in @a upload_data |
| 687 | * @param ptr our context | 687 | * @param ptr our context |
| 688 | * @return MHD_YES on success, MHD_NO to drop connection | 688 | * @return #MHD_YES on success, #MHD_NO to drop connection |
| 689 | */ | 689 | */ |
| 690 | static int | 690 | static int |
| 691 | generate_page (void *cls, | 691 | generate_page (void *cls, |
| @@ -700,8 +700,8 @@ generate_page (void *cls, | |||
| 700 | int ret; | 700 | int ret; |
| 701 | int fd; | 701 | int fd; |
| 702 | struct stat buf; | 702 | struct stat buf; |
| 703 | (void)cls; /* Unused. Silent compiler warning. */ | 703 | (void) cls; /* Unused. Silent compiler warning. */ |
| 704 | (void)version; /* Unused. Silent compiler warning. */ | 704 | (void) version; /* Unused. Silent compiler warning. */ |
| 705 | 705 | ||
| 706 | if (0 != strcmp (url, "/")) | 706 | if (0 != strcmp (url, "/")) |
| 707 | { | 707 | { |
diff --git a/src/lib/connection_call_handlers.c b/src/lib/connection_call_handlers.c index f1c31cb6..9e67216c 100644 --- a/src/lib/connection_call_handlers.c +++ b/src/lib/connection_call_handlers.c | |||
| @@ -1750,6 +1750,7 @@ parse_initial_message_line (struct MHD_Request *request, | |||
| 1750 | char *http_version; | 1750 | char *http_version; |
| 1751 | char *args; | 1751 | char *args; |
| 1752 | unsigned int unused_num_headers; | 1752 | unsigned int unused_num_headers; |
| 1753 | size_t url_end; | ||
| 1753 | 1754 | ||
| 1754 | if (NULL == (uri = memchr (line, | 1755 | if (NULL == (uri = memchr (line, |
| 1755 | ' ', | 1756 | ' ', |
| @@ -1770,6 +1771,7 @@ parse_initial_message_line (struct MHD_Request *request, | |||
| 1770 | uri = NULL; | 1771 | uri = NULL; |
| 1771 | request->version_s = ""; | 1772 | request->version_s = ""; |
| 1772 | args = NULL; | 1773 | args = NULL; |
| 1774 | url_end = line_len - (line - uri); | ||
| 1773 | } | 1775 | } |
| 1774 | else | 1776 | else |
| 1775 | { | 1777 | { |
| @@ -1799,11 +1801,12 @@ parse_initial_message_line (struct MHD_Request *request, | |||
| 1799 | '?', | 1801 | '?', |
| 1800 | line_len - (uri - line)); | 1802 | line_len - (uri - line)); |
| 1801 | } | 1803 | } |
| 1804 | url_end = http_version - uri; | ||
| 1802 | } | 1805 | } |
| 1803 | if ( (MHD_PSL_STRICT == daemon->protocol_strict_level) && | 1806 | if ( (MHD_PSL_STRICT == daemon->protocol_strict_level) && |
| 1804 | (NULL != memchr (line, | 1807 | (NULL != memchr (uri, |
| 1805 | ' ', | 1808 | ' ', |
| 1806 | http_version - line)) ) | 1809 | url_end)) ) |
| 1807 | { | 1810 | { |
| 1808 | /* space exists in URI and we are supposed to be strict, reject */ | 1811 | /* space exists in URI and we are supposed to be strict, reject */ |
| 1809 | return MHD_NO; | 1812 | return MHD_NO; |
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 66e9b394..8c61a8ba 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
| @@ -2189,6 +2189,7 @@ parse_initial_message_line (struct MHD_Connection *connection, | |||
| 2189 | char *http_version; | 2189 | char *http_version; |
| 2190 | char *args; | 2190 | char *args; |
| 2191 | unsigned int unused_num_headers; | 2191 | unsigned int unused_num_headers; |
| 2192 | size_t uri_len; | ||
| 2192 | 2193 | ||
| 2193 | if (NULL == (uri = memchr (line, | 2194 | if (NULL == (uri = memchr (line, |
| 2194 | ' ', | 2195 | ' ', |
| @@ -2205,6 +2206,7 @@ parse_initial_message_line (struct MHD_Connection *connection, | |||
| 2205 | if ((size_t)(uri - line) == line_len) | 2206 | if ((size_t)(uri - line) == line_len) |
| 2206 | { | 2207 | { |
| 2207 | curi = ""; | 2208 | curi = ""; |
| 2209 | uri_len = 0; | ||
| 2208 | uri = NULL; | 2210 | uri = NULL; |
| 2209 | connection->version = ""; | 2211 | connection->version = ""; |
| 2210 | args = NULL; | 2212 | args = NULL; |
| @@ -2237,11 +2239,12 @@ parse_initial_message_line (struct MHD_Connection *connection, | |||
| 2237 | '?', | 2239 | '?', |
| 2238 | line_len - (uri - line)); | 2240 | line_len - (uri - line)); |
| 2239 | } | 2241 | } |
| 2242 | uri_len = http_version - uri; | ||
| 2240 | } | 2243 | } |
| 2241 | if ( (1 <= daemon->strict_for_client) && | 2244 | if ( (1 <= daemon->strict_for_client) && |
| 2242 | (NULL != memchr (line, | 2245 | (NULL != memchr (curi, |
| 2243 | ' ', | 2246 | ' ', |
| 2244 | http_version - line)) ) | 2247 | uri_len)) ) |
| 2245 | { | 2248 | { |
| 2246 | /* space exists in URI and we are supposed to be strict, reject */ | 2249 | /* space exists in URI and we are supposed to be strict, reject */ |
| 2247 | return MHD_NO; | 2250 | return MHD_NO; |