allow leading zeros in HTTP/01.01 (fixes #542)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@1025 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago · 0b8de4b3ec
2 changed files with 77 additions and 5 deletions
--- a/src/request.c
+++ b/src/request.c
@ -368,11 +368,53 @@ int http_request_parse(server *srv, connection *con) {
 				}
 				
 				con->request.http_method = r;
-				
-				if (0 == strncmp(proto, "HTTP/1.", sizeof("HTTP/1.") - 1)) {
-					if (proto[7] == '1') {
+			
+				/* 
+				 * RFC2616 says:
+				 *
+				 * HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT
+				 *
+				 * */	
+				if (0 == strncmp(proto, "HTTP/", sizeof("HTTP/") - 1)) {
+					char * major = proto + sizeof("HTTP/") - 1;
+					char * minor = strchr(major, '.');
+					char *err = NULL;
+					int major_num = 0, minor_num = 0;
+
+					int invalid_version = 0;
+
+					if (NULL == minor || /* no dot */
+					    minor == major || /* no major */
+					    *(minor + 1) == '\0' /* no minor */) {
+						invalid_version = 1;
+					} else {
+						*minor = '\0';
+						major_num = strtol(major, &err, 10);
+
+						if (*err != '\0') invalid_version = 1;
+
+						*minor++ = '.';
+						minor_num = strtol(minor, &err, 10);
+
+						if (*err != '\0') invalid_version = 1;
+					}
+
+					if (invalid_version) {
+						con->http_status = 400;
+						con->keep_alive = 0;
+
+						if (srv->srvconf.log_request_header_on_error) {
+							log_error_write(srv, __FILE__, __LINE__, "s", "unknown protocol -> 400");
+							log_error_write(srv, __FILE__, __LINE__, "Sb",
+									"request-header:\n",
+									con->request.request);
+						}
+						return 0;
+					}
+
+					if (major_num == 1 && minor_num == 1) {
 						con->request.http_version = con->conf.allow_http11 ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0;
-					} else if (proto[7] == '0') {
+					} else if (major_num == 1 && minor_num == 0) {
 						con->request.http_version = HTTP_VERSION_1_0;
 					} else { 
 						con->http_status = 505;
--- a/tests/core.t
+++ b/tests/core.t
@ -9,7 +9,7 @@ BEGIN {

 use strict;
 use IO::Socket;
-use Test::More tests => 17;
+use Test::More tests => 21;
 use LightyTest;

 my $tf = LightyTest->new();
@ -31,6 +31,36 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
 ok($tf->handle_http($t) == 0, 'missing Protocol');

+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/01.01
+Host: foo
+Connection: close
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'zeros in protocol version');
+
+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/.01
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'missing major version');
+
+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/01.
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'missing minor version');
+
+$t->{REQUEST}  = ( <<EOF
+GET / HTTP/a.b
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'strings as version');
+
 $t->{REQUEST}  = ( <<EOF
 BC /
 EOF