diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-03-02 22:21:28 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-03-02 22:21:28 +0100 |
commit | fd283b002cae7cde31e12206a5456ea289adcc65 (patch) | |
tree | 39c903519147bfb71186ba50b6866448b09dc5fa /src | |
parent | a27a11f20c7b82fd4480b8a1ca8605ff79fff494 (diff) | |
download | libmicrohttpd-fd283b002cae7cde31e12206a5456ea289adcc65.tar.gz libmicrohttpd-fd283b002cae7cde31e12206a5456ea289adcc65.zip |
fix spacy url check in strict mode
Diffstat (limited to 'src')
-rw-r--r-- | src/examples/demo.c | 8 | ||||
-rw-r--r-- | src/lib/connection_call_handlers.c | 7 | ||||
-rw-r--r-- | src/microhttpd/connection.c | 7 |
3 files changed, 14 insertions, 8 deletions
diff --git a/src/examples/demo.c b/src/examples/demo.c index 858fb735..4e89c4e3 100644 --- a/src/examples/demo.c +++ b/src/examples/demo.c | |||
@@ -683,9 +683,9 @@ return_directory_response (struct MHD_Connection *connection) | |||
683 | * @param method GET, PUT, POST, etc. | 683 | * @param method GET, PUT, POST, etc. |
684 | * @param version HTTP version | 684 | * @param version HTTP version |
685 | * @param upload_data data from upload (PUT/POST) | 685 | * @param upload_data data from upload (PUT/POST) |
686 | * @param upload_data_size number of bytes in "upload_data" | 686 | * @param upload_data_size number of bytes in @a upload_data |
687 | * @param ptr our context | 687 | * @param ptr our context |
688 | * @return MHD_YES on success, MHD_NO to drop connection | 688 | * @return #MHD_YES on success, #MHD_NO to drop connection |
689 | */ | 689 | */ |
690 | static int | 690 | static int |
691 | generate_page (void *cls, | 691 | generate_page (void *cls, |
@@ -700,8 +700,8 @@ generate_page (void *cls, | |||
700 | int ret; | 700 | int ret; |
701 | int fd; | 701 | int fd; |
702 | struct stat buf; | 702 | struct stat buf; |
703 | (void)cls; /* Unused. Silent compiler warning. */ | 703 | (void) cls; /* Unused. Silent compiler warning. */ |
704 | (void)version; /* Unused. Silent compiler warning. */ | 704 | (void) version; /* Unused. Silent compiler warning. */ |
705 | 705 | ||
706 | if (0 != strcmp (url, "/")) | 706 | if (0 != strcmp (url, "/")) |
707 | { | 707 | { |
diff --git a/src/lib/connection_call_handlers.c b/src/lib/connection_call_handlers.c index f1c31cb6..9e67216c 100644 --- a/src/lib/connection_call_handlers.c +++ b/src/lib/connection_call_handlers.c | |||
@@ -1750,6 +1750,7 @@ parse_initial_message_line (struct MHD_Request *request, | |||
1750 | char *http_version; | 1750 | char *http_version; |
1751 | char *args; | 1751 | char *args; |
1752 | unsigned int unused_num_headers; | 1752 | unsigned int unused_num_headers; |
1753 | size_t url_end; | ||
1753 | 1754 | ||
1754 | if (NULL == (uri = memchr (line, | 1755 | if (NULL == (uri = memchr (line, |
1755 | ' ', | 1756 | ' ', |
@@ -1770,6 +1771,7 @@ parse_initial_message_line (struct MHD_Request *request, | |||
1770 | uri = NULL; | 1771 | uri = NULL; |
1771 | request->version_s = ""; | 1772 | request->version_s = ""; |
1772 | args = NULL; | 1773 | args = NULL; |
1774 | url_end = line_len - (line - uri); | ||
1773 | } | 1775 | } |
1774 | else | 1776 | else |
1775 | { | 1777 | { |
@@ -1799,11 +1801,12 @@ parse_initial_message_line (struct MHD_Request *request, | |||
1799 | '?', | 1801 | '?', |
1800 | line_len - (uri - line)); | 1802 | line_len - (uri - line)); |
1801 | } | 1803 | } |
1804 | url_end = http_version - uri; | ||
1802 | } | 1805 | } |
1803 | if ( (MHD_PSL_STRICT == daemon->protocol_strict_level) && | 1806 | if ( (MHD_PSL_STRICT == daemon->protocol_strict_level) && |
1804 | (NULL != memchr (line, | 1807 | (NULL != memchr (uri, |
1805 | ' ', | 1808 | ' ', |
1806 | http_version - line)) ) | 1809 | url_end)) ) |
1807 | { | 1810 | { |
1808 | /* space exists in URI and we are supposed to be strict, reject */ | 1811 | /* space exists in URI and we are supposed to be strict, reject */ |
1809 | return MHD_NO; | 1812 | return MHD_NO; |
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 66e9b394..8c61a8ba 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -2189,6 +2189,7 @@ parse_initial_message_line (struct MHD_Connection *connection, | |||
2189 | char *http_version; | 2189 | char *http_version; |
2190 | char *args; | 2190 | char *args; |
2191 | unsigned int unused_num_headers; | 2191 | unsigned int unused_num_headers; |
2192 | size_t uri_len; | ||
2192 | 2193 | ||
2193 | if (NULL == (uri = memchr (line, | 2194 | if (NULL == (uri = memchr (line, |
2194 | ' ', | 2195 | ' ', |
@@ -2205,6 +2206,7 @@ parse_initial_message_line (struct MHD_Connection *connection, | |||
2205 | if ((size_t)(uri - line) == line_len) | 2206 | if ((size_t)(uri - line) == line_len) |
2206 | { | 2207 | { |
2207 | curi = ""; | 2208 | curi = ""; |
2209 | uri_len = 0; | ||
2208 | uri = NULL; | 2210 | uri = NULL; |
2209 | connection->version = ""; | 2211 | connection->version = ""; |
2210 | args = NULL; | 2212 | args = NULL; |
@@ -2237,11 +2239,12 @@ parse_initial_message_line (struct MHD_Connection *connection, | |||
2237 | '?', | 2239 | '?', |
2238 | line_len - (uri - line)); | 2240 | line_len - (uri - line)); |
2239 | } | 2241 | } |
2242 | uri_len = http_version - uri; | ||
2240 | } | 2243 | } |
2241 | if ( (1 <= daemon->strict_for_client) && | 2244 | if ( (1 <= daemon->strict_for_client) && |
2242 | (NULL != memchr (line, | 2245 | (NULL != memchr (curi, |
2243 | ' ', | 2246 | ' ', |
2244 | http_version - line)) ) | 2247 | uri_len)) ) |
2245 | { | 2248 | { |
2246 | /* space exists in URI and we are supposed to be strict, reject */ | 2249 | /* space exists in URI and we are supposed to be strict, reject */ |
2247 | return MHD_NO; | 2250 | return MHD_NO; |