[libmicrohttpd] 01/05: testcurl: fixed checking response headers as null

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 01/05: testcurl: fixed checking response headers as null

From:	gnunet
Subject:	[libmicrohttpd] 01/05: testcurl: fixed checking response headers as null-terminated string
Date:	Sat, 26 Nov 2022 18:08:15 +0100

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit a37a83ff3ea2249b87176113dfb3e4ae2fec524e
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Mon Nov 7 11:49:36 2022 +0300

    testcurl: fixed checking response headers as null-terminated string
---
 src/testcurl/test_get_close_keep_alive.c |  6 +++---
 src/testcurl/test_head.c                 | 12 ++++++++++--
 src/testcurl/test_toolarge.c             | 11 ++++++++---
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/testcurl/test_get_close_keep_alive.c 
b/src/testcurl/test_get_close_keep_alive.c
index 2eb29285..81f7576c 100644
--- a/src/testcurl/test_get_close_keep_alive.c
+++ b/src/testcurl/test_get_close_keep_alive.c
@@ -162,7 +162,7 @@ _libcurlErrorExit_func (const char *errDesc, const char 
*funcName, int lineNum)
 #define HDR_CONN_CLOSE_VALUE      "close"
 #define HDR_CONN_CLOSE            MHD_HTTP_HEADER_CONNECTION ": " \
                                   HDR_CONN_CLOSE_VALUE
-#define HDR_CONN_KEEP_ALIVE_VALUE "keep-alive"
+#define HDR_CONN_KEEP_ALIVE_VALUE "Keep-Alive"
 #define HDR_CONN_KEEP_ALIVE       MHD_HTTP_HEADER_CONNECTION ": " \
                                   HDR_CONN_KEEP_ALIVE_VALUE
 
@@ -255,10 +255,10 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t 
nitems,
                          strlen (MHD_HTTP_VERSION_1_0))))
     check_res->found_http10 = 1;
   else if ((data_size == strlen (HDR_CONN_CLOSE) + 2) &&
-           (0 == strncasecmp (buffer, HDR_CONN_CLOSE "\r\n", data_size)))
+           (0 == memcmp (buffer, HDR_CONN_CLOSE "\r\n", data_size)))
     check_res->found_conn_close = 1;
   else if ((data_size == strlen (HDR_CONN_KEEP_ALIVE) + 2) &&
-           (0 == strncasecmp (buffer, HDR_CONN_KEEP_ALIVE "\r\n", data_size)))
+           (0 == memcmp (buffer, HDR_CONN_KEEP_ALIVE "\r\n", data_size)))
     check_res->found_conn_keep_alive = 1;
 
   return data_size;
diff --git a/src/testcurl/test_head.c b/src/testcurl/test_head.c
index 3c984125..066688b6 100644
--- a/src/testcurl/test_head.c
+++ b/src/testcurl/test_head.c
@@ -274,10 +274,13 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t 
nitems,
     int res;
     const unsigned int numbers_pos =
       MHD_STATICSTR_LEN_ (MHD_HTTP_HEADER_CONTENT_LENGTH ": ");
-    res = snprintf (cmpbuf, sizeof(cmpbuf), "%u\r\n", 
check_res->expected_size);
+    res = snprintf (cmpbuf, sizeof(cmpbuf), "%u", check_res->expected_size);
     if ((res <= 0) || (res > ((int) (sizeof(cmpbuf) - 1))))
       externalErrorExit ();
-    if (0 != strcmp (buffer + numbers_pos, cmpbuf))
+    if (data_size - numbers_pos <= 2)
+      mhdErrorExitDesc ("Broken Content-Length");
+    else if ((((size_t) res + 2) != data_size - numbers_pos) ||
+             (0 != memcmp (buffer + numbers_pos, cmpbuf, (size_t) res)))
     {
       fprintf (stderr, "Wrong Content-Length.\n"
                "Expected:\n%u\n"
@@ -285,6 +288,11 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t 
nitems,
                buffer + numbers_pos);
       mhdErrorExitDesc ("Wrong Content-Length");
     }
+    else if (0 != memcmp ("\r\n", buffer + data_size - 2, 2))
+    {
+      mhdErrorExitDesc ("The Content-Length header is not " \
+                        "terminated by CRLF");
+    }
     check_res->size_found++;
   }
 
diff --git a/src/testcurl/test_toolarge.c b/src/testcurl/test_toolarge.c
index e6c291e2..05e497a7 100644
--- a/src/testcurl/test_toolarge.c
+++ b/src/testcurl/test_toolarge.c
@@ -273,12 +273,17 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t 
nitems,
     check_res->num_n1_headers++;
   else if ((5 <= data_size) && ('0' == buffer[0]))
   {
-    const char *const col_ptr = strstr (buffer, ": ");
+    const char *const col_ptr = memchr (buffer, ':', data_size);
     if (0 != check_res->large_header_value_size)
       mhdErrorExitDesc ("Expected only one large header, " \
                         "but found two large headers in the reply");
-    check_res->large_header_valid = 0;
-    if (NULL != col_ptr)
+    if (NULL == col_ptr)
+      check_res->large_header_valid = 0;
+    else if ((size_t) (col_ptr - buffer) >= data_size - 2)
+      check_res->large_header_valid = 0;
+    else if (*(col_ptr + 1) != ' ')
+      check_res->large_header_valid = 0;
+    else
     {
       const char *const name = buffer;
       const size_t name_len = (size_t) (col_ptr - buffer);

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (1ffe7932 -> 3444792f), gnunet, 2022/11/26
- [libmicrohttpd] 02/05: test_upgrade{,_large}: fixed HTTP/1.1 compatibility, gnunet, 2022/11/26
- [libmicrohttpd] 01/05: testcurl: fixed checking response headers as null-terminated string, gnunet <=
- [libmicrohttpd] 03/05: test_get_iovec: fixed missing include headers, gnunet, 2022/11/26
- [libmicrohttpd] 04/05: configure: fixed detection of eventfd() with new compilers builds, gnunet, 2022/11/26
- [libmicrohttpd] 05/05: Refactored user-poison: minimized scope of non-sanitized code, gnunet, 2022/11/26

Prev by Date: [libmicrohttpd] 02/05: test_upgrade{,_large}: fixed HTTP/1.1 compatibility
Next by Date: [libmicrohttpd] 03/05: test_get_iovec: fixed missing include headers
Previous by thread: [libmicrohttpd] 02/05: test_upgrade{,_large}: fixed HTTP/1.1 compatibility
Next by thread: [libmicrohttpd] 03/05: test_get_iovec: fixed missing include headers
Index(es):
- Date
- Thread