[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [libmicrohttpd] branch master updated: expand strictness to
From: |
gnunet |
Subject: |
[GNUnet-SVN] [libmicrohttpd] branch master updated: expand strictness to cover spaces in URL |
Date: |
Thu, 01 Mar 2018 13:30:00 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository libmicrohttpd.
The following commit(s) were added to refs/heads/master by this push:
new 5717a9ec expand strictness to cover spaces in URL
5717a9ec is described below
commit 5717a9ec22d72d4d4202dfd3e1071ded9182e51e
Author: Christian Grothoff <address@hidden>
AuthorDate: Thu Mar 1 13:29:58 2018 +0100
expand strictness to cover spaces in URL
---
src/include/microhttpd.h | 20 ++++++++++++--------
src/lib/connection_call_handlers.c | 8 ++++++++
src/microhttpd/connection.c | 8 ++++++++
3 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 77bb000c..b4e436c2 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -1470,14 +1470,18 @@ enum MHD_OPTION
MHD_OPTION_LISTEN_BACKLOG_SIZE = 28,
/**
- * If set to 1 - be strict about the protocol (as opposed to as
- * tolerant as possible). Specifically, at the moment, this flag
- * causes MHD to reject HTTP 1.1 connections without a "Host" header.
- * This is required by the standard, but of course in violation of
- * the "be as liberal as possible in what you accept" norm. It is
- * recommended to set this to 1 if you are testing clients against
- * MHD, and 0 in production.
- * This option should be followed by an `int` argument.
+ * If set to 1 - be strict about the protocol. Use -1 to be
+ * as tolerant as possible.
+ *
+ * Specifically, at the moment, at 1 this flag
+ * causes MHD to reject HTTP 1.1 connections without a "Host" header,
+ * and to disallow spaces in the URL or (at -1) in HTTP header key strings.
+ *
+ * These are required by some versions of the standard, but of
+ * course in violation of the "be as liberal as possible in what you
+ * accept" norm. It is recommended to set this to 1 if you are
+ * testing clients against MHD, and 0 in production. This option
+ * should be followed by an `int` argument.
*/
MHD_OPTION_STRICT_FOR_CLIENT = 29
};
diff --git a/src/lib/connection_call_handlers.c
b/src/lib/connection_call_handlers.c
index 17f32dae..cb82197c 100644
--- a/src/lib/connection_call_handlers.c
+++ b/src/lib/connection_call_handlers.c
@@ -1803,6 +1803,14 @@ parse_initial_message_line (struct MHD_Request *request,
line_len - (uri - line));
}
}
+ if ( (1 <= daemon->strict_for_client) &&
+ (NULL != memchr (line,
+ ' ',
+ http_version - line)) )
+ {
+ /* space exists in URI and we are supposed to be strict, reject */
+ return MHD_NO;
+ }
if (NULL != daemon->early_uri_logger_cb)
{
request->client_context
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 39253a9f..691aa427 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2241,6 +2241,14 @@ parse_initial_message_line (struct MHD_Connection
*connection,
line_len - (uri - line));
}
}
+ if ( (1 <= daemon->strict_for_client) &&
+ (NULL != memchr (line,
+ ' ',
+ http_version - line)) )
+ {
+ /* space exists in URI and we are supposed to be strict, reject */
+ return MHD_NO;
+ }
if (NULL != daemon->uri_log_callback)
{
connection->client_aware = true;
--
To stop receiving notification emails like this one, please contact
address@hidden
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [libmicrohttpd] branch master updated: expand strictness to cover spaces in URL,
gnunet <=