Open jow- opened 3 months ago
Consider the case in which the chunk size is just `\t; some-junk`. Then, we break out of the first while loop, and the chunk-ext passes, and the chunk size counts as 0 even though it's invalid.
Also, chunk-extensions do have a grammar that it may be worth considering enforcing.
client: perform stricter HTTP request parsing

Introduce infrastructure and logic to perform less lenient parsing of HTTP request headers, chunk size headers and content-length values.

We can not rely on `strtoul()` to parse hexadecimal chunk sizes or content length values as it accepts a wider range of inputs than what is allowed by the HTTP spec. Decode the chunk sizes and length values manually and fix skipping chunk extension headers while we're at it. Also ensure that there's no trailing garbage after the size and that we bail out on overflows.

Also rework the parsing of request header lines, to reject malformed header lines or illegal header names.

Fixes: #3
Fixes: #5
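A strict chunk-size line parser of the kind the commit above describes, written here as an added example in C rather than taken from uhttpd; `parse_chunk_size` and `chunk_size_or_reject` are hypothetical names, and the input is assumed to be a single chunk-size line with its CRLF already stripped. It rejects the `\t; some-junk` case from the issue (no digits means reject, not size 0), the inputs `strtoul()` would silently accept, trailing garbage after the size, and overflows, and it requires each chunk extension to start with `;` and a token name.

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added illustration, not uhttpd's code. Input: one chunk-size line without
 * CRLF, grammar 1*HEXDIG *( ";" token [ "=" value ] ). Rejects what strtoul()
 * silently accepts: leading whitespace, a sign, a "0x" prefix, zero digits,
 * overflow, trailing garbage. Simplification: values containing ';' in quotes are not handled. */
static bool is_tchar(int c) { return c > ' ' && c < 0x7f && (isalnum(c) || strchr("!#$%&'*+-.^_`|~", c)); }

bool parse_chunk_size(const char *line, size_t len, unsigned long *out)
{
    size_t i = 0;
    unsigned long val = 0;
    /* 1*HEXDIG at column 0: no whitespace, sign or "0x" prefix accepted */
    for (; i < len && isxdigit((unsigned char)line[i]); i++) {
        int c = tolower((unsigned char)line[i]);
        unsigned long d = isdigit(c) ? (unsigned long)(c - '0') : (unsigned long)(c - 'a' + 10);
        if (val > (ULONG_MAX - d) / 16)
            return false;                 /* overflow: bail out instead of wrapping */
        val = val * 16 + d;
    }
    if (i == 0)
        return false;                     /* "\t; junk" has no digits: not size 0 */
    /* anything after the digits must be well-formed chunk extensions */
    while (i < len) {
        if (line[i++] != ';')
            return false;                 /* trailing garbage after the size */
        size_t start = i;
        while (i < len && is_tchar((unsigned char)line[i]))
            i++;
        if (i == start)
            return false;                 /* ";" with an empty extension name */
        if (i < len && line[i] == '=')    /* value: consume up to the next ";" */
            for (i++; i < len && line[i] != ';'; i++)
                if ((unsigned char)line[i] < 0x20 || line[i] == 0x7f)
                    return false;         /* control characters are never valid */
    }
    *out = val;
    return true;
}

long chunk_size_or_reject(const char *line)   /* size, or -1 when rejected */
{
    unsigned long v;
    return parse_chunk_size(line, strlen(line), &v) ? (long)v : -1;
}
```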
client: don't advertise keep-alive in uh_header_error()

The function `uh_header_error()` will tear down the connection after sending the HTTP reply message, so update the `connection_close` flag accordingly to avoid incorrectly emitting a `Connection: keep-alive` header.

client: don't advertise keep-alive when sending error replies
Commit 15346de ("client: Always close connection with request body in case of error") added logic to close keep alive connections on HTTP errors due to unconsumed request body data.

However, since the check happens after emitting the standard HTTP headers, uhttpd might incorrectly reply with a `Connection: keep-alive` even if it is going to close the connection. Move the check before the emitting of the response headers in order to ensure that we're sending the correct `Connection: close` line.

Fixes: 15346de ("client: Always close connection with request body in case of error")
file: don't keep alive after file requests with payload

Since we're not consuming any body data when serving file requests, forcibly shut down keep-alive connections after requests indicating either a content-length or a chunked transfer encoding in order to avoid interpreting request body data as a subsequent HTTP request.