Skip to content
This repository has been archived by the owner on Nov 6, 2022. It is now read-only.

Commit

Permalink
http_parser: Follow RFC-7230 Sec 3.2.4
Browse files Browse the repository at this point in the history 
RFC-7230 Sec 3.2.4 expressly forbids line-folding in header
field-names.

This change no longer allows obsolete line-folding between the
header field-name and the colon. If HTTP_PARSER_STRICT is unset,
the parser still allows space characters.

Reviewed-By: Fedor Indutny <fedor@indutny.com>
  • Loading branch information
@indutny
Jeff Pinner authored and indutny committed Sep 9, 2014
1 parent 11ecb42 commit 0b43367
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 12 deletions.
12 changes: 0 additions & 12 deletions http_parser.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1390,18 +1390,6 @@ size_t http_parser_execute (http_parser *parser,
break;
}

if (ch == CR) {
parser->state = s_header_almost_done;
CALLBACK_DATA(header_field);
break;
}

if (ch == LF) {
parser->state = s_header_field_start;
CALLBACK_DATA(header_field);
break;
}

SET_ERRNO(HPE_INVALID_HEADER_TOKEN);
goto error;
}
Expand Down
7 changes: 7 additions & 0 deletions test.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3476,6 +3476,13 @@ main (void)
test_simple(buf, HPE_INVALID_METHOD);
}

// illegal header field name line folding
test_simple("GET / HTTP/1.1\r\n"
"name\r\n"
" : value\r\n"
"\r\n",
HPE_INVALID_HEADER_TOKEN);

const char *dumbfuck2 =
"GET / HTTP/1.1\r\n"
"X-SSL-Bullshit: -----BEGIN CERTIFICATE-----\r\n"
Expand Down

0 comments on commit 0b43367

Please sign in to comment.