allow leading zeros in HTTP/01.01 (fixes #542)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@1025 152afb58-edef-0310-8abb-c4023f1b3aa9svn/tags/lighttpd-1.4.11
parent
096ec7f1ca
commit
0b8de4b3ec
|
|
@ -368,11 +368,53 @@ int http_request_parse(server *srv, connection *con) {
|
|||
}
|
||||
|
||||
con->request.http_method = r;
|
||||
|
||||
if (0 == strncmp(proto, "HTTP/1.", sizeof("HTTP/1.") - 1)) {
|
||||
if (proto[7] == '1') {
|
||||
|
||||
/*
|
||||
* RFC2616 says:
|
||||
*
|
||||
* HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
|
||||
*
|
||||
* */
|
||||
if (0 == strncmp(proto, "HTTP/", sizeof("HTTP/") - 1)) {
|
||||
char * major = proto + sizeof("HTTP/") - 1;
|
||||
char * minor = strchr(major, '.');
|
||||
char *err = NULL;
|
||||
int major_num = 0, minor_num = 0;
|
||||
|
||||
int invalid_version = 0;
|
||||
|
||||
if (NULL == minor || /* no dot */
|
||||
minor == major || /* no major */
|
||||
*(minor + 1) == '\0' /* no minor */) {
|
||||
invalid_version = 1;
|
||||
} else {
|
||||
*minor = '\0';
|
||||
major_num = strtol(major, &err, 10);
|
||||
|
||||
if (*err != '\0') invalid_version = 1;
|
||||
|
||||
*minor++ = '.';
|
||||
minor_num = strtol(minor, &err, 10);
|
||||
|
||||
if (*err != '\0') invalid_version = 1;
|
||||
}
|
||||
|
||||
if (invalid_version) {
|
||||
con->http_status = 400;
|
||||
con->keep_alive = 0;
|
||||
|
||||
if (srv->srvconf.log_request_header_on_error) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "s", "unknown protocol -> 400");
|
||||
log_error_write(srv, __FILE__, __LINE__, "Sb",
|
||||
"request-header:\n",
|
||||
con->request.request);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (major_num == 1 && minor_num == 1) {
|
||||
con->request.http_version = con->conf.allow_http11 ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0;
|
||||
} else if (proto[7] == '0') {
|
||||
} else if (major_num == 1 && minor_num == 0) {
|
||||
con->request.http_version = HTTP_VERSION_1_0;
|
||||
} else {
|
||||
con->http_status = 505;
|
||||
|
|
|
|||
32
tests/core.t
32
tests/core.t
|
|
@ -9,7 +9,7 @@ BEGIN {
|
|||
|
||||
use strict;
|
||||
use IO::Socket;
|
||||
use Test::More tests => 17;
|
||||
use Test::More tests => 21;
|
||||
use LightyTest;
|
||||
|
||||
my $tf = LightyTest->new();
|
||||
|
|
@ -31,6 +31,36 @@ EOF
|
|||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
|
||||
ok($tf->handle_http($t) == 0, 'missing Protocol');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET / HTTP/01.01
|
||||
Host: foo
|
||||
Connection: close
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200 } ];
|
||||
ok($tf->handle_http($t) == 0, 'zeros in protocol version');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET / HTTP/.01
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
|
||||
ok($tf->handle_http($t) == 0, 'missing major version');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET / HTTP/01.
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
|
||||
ok($tf->handle_http($t) == 0, 'missing minor version');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET / HTTP/a.b
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
|
||||
ok($tf->handle_http($t) == 0, 'strings as version');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
BC /
|
||||
EOF
|
||||
|
|
|
|||
Loading…
Reference in New Issue