From 1d647758e4977c7aebddf893171ceb1bba5bef81 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sun, 26 Aug 2007 09:13:05 +0000
Subject: fixing mantis 1264

---
 ChangeLog                |  5 +++++
 README                   |  1 -
 src/daemon/connection.c  | 44 +++++++++++++++++++++++++++++++++++++++-----
 src/include/microhttpd.h | 11 +++++++++++
 4 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fbc44e99..ff8f7e9c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sun Aug 26 03:11:46 MDT 2007
+	 Added MHD_USE_PEDANTIC_CHECKS option which enforces
+	 receiving a "Host:" header in HTTP 1.1 (and sends a
+	 HTTP 400 status back if this is violated).
+
 Tue Aug 21 01:01:46 MDT 2007
 	 Fixing assertion failure that occured when a client
 	 closed the connection after sending some data but
diff --git a/README b/README
index 510f8a7a..a1216b26 100644
--- a/README
+++ b/README
@@ -15,7 +15,6 @@ For http/1.1-compliance:
 ========================
 connection.c:
 - support chunked requests from clients (#1260, ARCH, TEST)
-- send proper error code back if client forgot the "Host" header (#1264, TRIV)
 
 For POST:
 =========
diff --git a/src/daemon/connection.c b/src/daemon/connection.c
index e51693d9..cdc8540b 100644
--- a/src/daemon/connection.c
+++ b/src/daemon/connection.c
@@ -37,11 +37,23 @@
 #define HTTP_100_CONTINUE "HTTP/1.1 100 Continue\r\n\r\n"
 
 /**
- * Response used when the request (http header) is too big to
+ * Response text used when the request (http header) is too big to
  * be processed.
+ *
+ * Intentionally empty here to keep our memory footprint 
+ * minimal.
  */
 #define REQUEST_TOO_BIG ""
 
+/**
+ * Response text used when the request (http header) does not
+ * contain a "Host:" header and still claims to be HTTP 1.1.
+ *
+ * Intentionally empty here to keep our memory footprint 
+ * minimal.
+ */
+#define REQUEST_LACKS_HOST ""
+
 /**
  * Add extra debug messages with reasons for closing connections
  * (non-error reasons).
@@ -305,9 +317,7 @@ MHD_excessive_data_handler (struct MHD_Connection *connection,
 {
   struct MHD_Response *response;
 
-  /* die, header far too long to be reasonable;
-     FIXME: send proper response to client
-     (stop reading, queue proper response) */
+  /* die, header far too long to be reasonable */
   connection->read_close = MHD_YES;
   connection->headersReceived = MHD_YES;
   connection->bodyReceived = MHD_YES;
@@ -589,6 +599,7 @@ MHD_parse_connection_headers (struct MHD_Connection *connection)
   const char *clen;
   const char *end;
   unsigned long long cval;
+  struct MHD_Response * response;
 
   if (connection->bodyReceived == 1)
     abort ();
@@ -638,7 +649,7 @@ MHD_parse_connection_headers (struct MHD_Connection *connection)
       if (strlen (line) == 0)
         {
           /* end of header */
-          connection->headersReceived = 1;
+          connection->headersReceived = MHD_YES;
           clen = MHD_lookup_connection_value (connection,
                                               MHD_HEADER_KIND,
                                               MHD_HTTP_HEADER_CONTENT_LENGTH);
@@ -680,6 +691,29 @@ MHD_parse_connection_headers (struct MHD_Connection *connection)
                  this request */
               connection->read_close = MHD_YES;
             }
+	  
+	  if ( (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options)) &&
+	       (NULL != connection->version) &&
+	       (0 == strcasecmp(MHD_HTTP_VERSION_1_1,
+				connection->version)) &&
+	       (NULL == MHD_lookup_connection_value(connection,
+						    MHD_HEADER_KIND,
+						    MHD_HTTP_HEADER_HOST)) ) {
+	    /* die, http 1.1 request without host and we are pedantic */
+	    connection->bodyReceived = MHD_YES;
+	    connection->read_close = MHD_YES;
+	    MHD_DLOG (connection->daemon,
+		      "Received `%s' request without `%s' header.\n",
+		      MHD_HTTP_VERSION_1_1,
+		      MHD_HTTP_HEADER_HOST);
+	    response = MHD_create_response_from_data (strlen (REQUEST_LACKS_HOST),
+						      REQUEST_LACKS_HOST, MHD_NO, MHD_NO);
+	    MHD_queue_response (connection,
+				MHD_HTTP_BAD_REQUEST,
+				response);
+	    MHD_destroy_response (response);
+	  }
+			      
           break;
         }
       /* line should be normal header line, find colon */
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 975611bf..d09c66a9 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -274,6 +274,17 @@ enum MHD_FLAG
    */
   MHD_USE_IPv6 = 16,
 
+  /**
+   * Be pedantic about the protocol (as opposed to as tolerant as
+   * possible).  Specifically, at the moment, this flag causes MHD to
+   * reject http 1.1 connections without a "Host" header.  This is
+   * required by the standard, but of course in violation of the "be
+   * as liberal as possible in what you accept" norm.  It is
+   * recommended to turn this ON if you are testing clients against
+   * MHD, and OFF in production.
+   */
+  MHD_USE_PEDANTIC_CHECKS = 32,
+
 };
 
 /**
-- 
cgit v1.2.3