
enforce RFC 7230 no-whitespace in header field name rule if MHD_USE_PEDANTIC_CHECKS is set

Christian Grothoff 8 年之前
父節點
當前提交
e95ec4874d
共有 4 個文件被更改,包括 22 次插入2 次删除
  1. 4 0
      ChangeLog
  2. 1 1
      src/examples/minimal_example.c
  3. 16 0
      src/microhttpd/connection.c
  4. 1 1
      src/microhttpd/digestauth.c

+ 4 - 0
ChangeLog

@@ -1,3 +1,7 @@
+Sun Apr 23 20:05:44 CEST 2017
+	Enforce RFC 7230's rule on no whitespace in HTTP header
+	field names if MHD_USE_PEDANTIC_CHECKS is set. -CG
+
 Sun Apr 23 19:20:33 CEST 2017
 	Replace remaining occurences of sprintf() with
 	MHD_snprintf_(). Thanks to Ram for pointing this out. -CG

+ 1 - 1
src/examples/minimal_example.c

@@ -68,7 +68,7 @@ main (int argc, char *const *argv)
       return 1;
     }
   d = MHD_start_daemon (// MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG,
-                        MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG,
+                        MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_PEDANTIC_CHECKS | MHD_USE_ERROR_LOG,
                         // MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG | MHD_USE_POLL,
 			// MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG | MHD_USE_POLL,
 			// MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG,

+ 16 - 0
src/microhttpd/connection.c

@@ -2213,6 +2213,22 @@ process_header_line (struct MHD_Connection *connection,
 			      _("Received malformed line (no colon). Closing connection.\n"));
       return MHD_NO;
     }
+  if (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options))
+    {
+      /* check for whitespace before colon, which is not allowed
+	 by RFC 7230 section 3.2.4; we count space ' ' and
+	 tab '\t', but not '\r\n' as those would have ended the line. */
+      const char *white;
+
+      white = strchr (line, ' ');
+      if ( (NULL != white) &&
+	   (white < colon) )
+	return MHD_NO;
+      white = strchr (line, '\t');
+      if ( (NULL != white) &&
+	   (white < colon) )
+	return MHD_NO;
+    }
   /* zero-terminate header */
   colon[0] = '\0';
   colon++;                      /* advance to value */
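Review bot: Both new `return MHD_NO;` paths in the pedantic block reject the request without any message, while the no-colon branch directly above passes `Received malformed line (no colon). Closing connection.` to its error call (that call starts above the hunk), so an operator who enables MHD_USE_PEDANTIC_CHECKS sees requests dropped with no explanation. Route these rejections through the same call with their own text, for example `_("Whitespace in header field name. Closing connection.\n")`. RFC 7230 section 3.2.4 asks a server to answer this case with 400 (Bad Request); whether returning MHD_NO from here produces that response is decided outside the hunk and is worth confirming. Because the rule exists to stop intermediaries and servers from disagreeing on field names, it is also worth documenting next to the flag that the default, non-pedantic mode still accepts such lines. The duplicated lookups can collapse into `white = strpbrk (line, " \t");` followed by a single `white < colon` test; process_header_line itself starts and ends outside the hunk.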

+ 1 - 1
src/microhttpd/digestauth.c

@@ -413,7 +413,7 @@ check_nonce_nc (struct MHD_Connection *connection,
     {
       /* Fresh nonce, reinitialize array */
       strcpy (nn->nonce,
-              nonce);
+	      nonce);
       nn->nc = 0;
       nn->nmask = 0;
       MHD_mutex_unlock_chk_ (&daemon->nnc_lock);