nodejs/http-parser
1
0
Fork 0
mirror of https://github.com/nodejs/http-parser.git synced 2025-10-20 22:31:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix Content-Length with obsolete line folding

Browse Source 
Content-Length with line folding was accepted with invalid input. Treat
obsolete line folding as space and continue parsing

Fixes: https://github.com/nodejs/http-parser/issues/456
PR-URL: https://github.com/nodejs/http-parser/pull/458
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit is contained in:
Olga Batyshkina
2018-12-19 15:58:53 +01:00
committed by Ben Noordhuis
parent 0ae8d93f73
commit cd88eef772
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
http_parser.c
View File

@@ -1436,6 +1436,11 @@ reexecute:
parser->header_state = h_content_length_num;
break;
/* when obsolete line folding is encountered for content length
* continue to the s_header_value state */
case h_content_length_ws:
break;
case h_connection:
/* looking for 'Connection: keep-alive' */
if (c == 'k') {
@@ -1679,6 +1684,10 @@ reexecute:
case s_header_value_lws:
{
if (ch == ' ' || ch == '\t') {
if (parser->header_state == h_content_length_num) {
/* treat obsolete line folding as space */
parser->header_state = h_content_length_ws;
}
UPDATE_STATE(s_header_value_start);
REEXECUTE();
}

14
test.c
View File

@@ -4203,6 +4203,20 @@ main (void)
HPE_INVALID_CONTENT_LENGTH,
HTTP_REQUEST);
test_simple_type(
"POST / HTTP/1.1\r\n"
"Content-Length: 42\r\n"
" Hello world!\r\n",
HPE_INVALID_CONTENT_LENGTH,
HTTP_REQUEST);
test_simple_type(
"POST / HTTP/1.1\r\n"
"Content-Length: 42\r\n"
" \r\n",
HPE_OK,
HTTP_REQUEST);
//// RESPONSES
test_simple_type("HTP/1.1 200 OK\r\n\r\n", HPE_INVALID_VERSION, HTTP_RESPONSE);