Parsing of malformed headers fails silently

mirage / ocaml-cohttp

An OCaml library for HTTP clients and servers using Lwt or Async

Other

704 stars 174 forks source link

Parsing of malformed headers fails silently #1032

Open askvortsov1 opened 4 months ago

askvortsov1 commented 4 months ago

The header parsing implementation returns early if it encounters a malformed header. It doesn't communicate any error info to the caller, and presumably the unparsed lines are interpreted as part of the body.

Athishpranav2003 commented 1 month ago

I guess i can check this out in my free time

Athishpranav2003 commented 1 month ago

@askvortsov1 can you list some kinda malformed headers for reference?

Athishpranav2003 commented 1 month ago

The request/status line and headers must all end with <CR><LF> (that is, a [carriage return](https://en.wikipedia.org/wiki/Carriage_return) followed by a [line feed](https://en.wikipedia.org/wiki/Line_feed)). The empty line must consist of only <CR><LF> and no other [whitespace](https://en.wikipedia.org/wiki/Whitespace_(computer_science)).

I got this in wiki and few more places(which referenced RFCs. I guess i will go with this as the standard