authorGlenn Strauss <gstrauss@gluelogic.com>2017-10-21 21:44:34 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2017-10-21 21:44:34 -0400
commit60b5826849710f8f7bd8dbb8a31f94aef9ae6254 (patch)
tree78942beadc0eabd24172fee9470fb50c60ff8150
parent6be68f569fdb57d5d1ebeaa1fca41736f757abf3 (diff)
downloadlighttpd1.4-60b5826849710f8f7bd8dbb8a31f94aef9ae6254.tar.gz
lighttpd1.4-60b5826849710f8f7bd8dbb8a31f94aef9ae6254.zip
[core] stricter validation of request-URI begin
Check that the request-URI begins with '/', "http://", or "https://", or is an OPTIONS * request; otherwise reject it with 400 Bad Request unless server.http-parseopt-header-strict = "disable" (the default is enabled).

x-ref: https://redmine.lighttpd.net/boards/3/topics/7637
-rw-r--r--src/request.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/request.c b/src/request.c
index 950c91ee..fbfed15a 100644
--- a/src/request.c
+++ b/src/request.c
@@ -635,9 +635,15 @@ int http_request_parse(server *srv, connection *con) {
reqline_hostlen = nuri - reqline_host;
buffer_copy_string_len(con->request.uri, nuri, proto - nuri - 1);
- } else {
+ } else if (!http_header_strict
+ || (HTTP_METHOD_OPTIONS == con->request.http_method && uri[0] == '*' && uri[1] == '\0')) {
/* everything looks good so far */
buffer_copy_string_len(con->request.uri, uri, proto - uri - 1);
+ } else {
+ con->http_status = 400;
+ con->keep_alive = 0;
+ log_error_write(srv, __FILE__, __LINE__, "ss", "request-URI parse error -> 400 for:", uri);
+ return 0;
}
/* check uri for invalid characters */