lib-http: message parser: Reject messages with invalid Date header wh…

…en HTTP_MESSAGE_PARSE_FLAG_STRICT flag is enabled.
dovecot · Jul 27, 2017 · d577bb9 · d577bb9
1 parent 76b50cc
commit d577bb9
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 3 deletions.
diff --git a/src/lib-http/http-message-parser.c b/src/lib-http/http-message-parser.c
@@ -229,7 +229,12 @@ http_message_parse_header(struct http_message_parser *parser,
 
 			   Date = HTTP-date
 			 */
-			(void)http_date_parse(data, size, &parser->msg.date);
+			if (!http_date_parse(data, size, &parser->msg.date) &&
+				(parser->flags & HTTP_MESSAGE_PARSE_FLAG_STRICT) != 0) {
+				parser->error = "Invalid Date header";
+				parser->error_code = HTTP_MESSAGE_PARSE_ERROR_BROKEN_MESSAGE;
+				return -1;
+			}
 			return 0;
 		}
 		break;

diff --git a/src/lib-http/test-http-request-parser.c b/src/lib-http/test-http-request-parser.c
@@ -142,6 +142,18 @@ valid_request_parse_tests[] = {
 		},
 		.version_major = 1, .version_minor = 1,
 		.expect_100_continue = TRUE
+	},{ .request =
+			"GET / HTTP/1.1\r\n"
+			"Date: Mon, 09 Kul 2018 02:24:29 GMT\r\n"
+			"Host: example.com\r\n"
+			"\r\n",
+		.method = "GET",
+		.target_raw = "/",
+		.target = {
+			.format = HTTP_REQUEST_TARGET_FORMAT_ORIGIN,
+			.url = { .host = { .name = "example.com" } }
+		},
+		.version_major = 1, .version_minor = 1,
 	},{ .request =
 			"GET / HTTP/1.1\r\n"
 			"Date: Sun, 07 Oct 2012 19:52:03 GMT\r\n"
@@ -371,6 +383,14 @@ invalid_request_parse_tests[] = {
 			"Transfer-Encoding: cuneiform, chunked\r\n"
 			"\r\n",
 		.error_code = HTTP_REQUEST_PARSE_ERROR_NOT_IMPLEMENTED
+	},{
+		.request =
+			"GET / HTTP/1.1\r\n"
+			"Date: Mon, 09 Kul 2018 02:24:29 GMT\r\n"
+			"Host: example.com\r\n"
+			"\r\n",
+		.flags = HTTP_REQUEST_PARSE_FLAG_STRICT,
+		.error_code = HTTP_REQUEST_PARSE_ERROR_BROKEN_REQUEST
 	},{
 		.request =
 			"GET / HTTP/1.1\r\n"

diff --git a/src/lib-http/test-http-response-parser.c b/src/lib-http/test-http-response-parser.c
@@ -54,6 +54,13 @@ static const struct valid_parse_test_response valid_responses3[] = {
 };
 
 static const struct valid_parse_test_response valid_responses4[] = {
+	{
+		.status = 200,
+		.payload = "Invalid date header"
+	}
+};
+
+static const struct valid_parse_test_response valid_responses5[] = {
 	{
 		.status = 200,
 		.payload = "Duplicate headers"
@@ -121,6 +128,18 @@ valid_response_parse_tests[] = {
 			"Frop!",
 		.responses = valid_responses3,
 		.responses_count = N_ELEMENTS(valid_responses3)
+	},{
+		.input =
+			"HTTP/1.1 200 OK\r\n"
+			"Date: Sun, 07 Ocu 2012 19:52:03 GMT\r\n"
+			"Content-Length: 19\r\n"
+			"Keep-Alive: timeout=15, max=99\r\n"
+			"Connection: Keep-Alive\r\n"
+			"Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
+			"\r\n"
+			"Invalid date header",
+		.responses = valid_responses4,
+		.responses_count = N_ELEMENTS(valid_responses4)
 	},{
 		.input =
 			"HTTP/1.1 200 OK\r\n"
@@ -133,8 +152,8 @@ valid_response_parse_tests[] = {
 			"Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
 			"\r\n"
 			"Duplicate headers",
-		.responses = valid_responses4,
-		.responses_count = N_ELEMENTS(valid_responses4)
+		.responses = valid_responses5,
+		.responses_count = N_ELEMENTS(valid_responses5)
 	}
 };
 
@@ -261,6 +280,16 @@ static struct invalid_parse_test invalid_response_parse_tests[] = {
 			"HTTP/1.1 302 Found\n\r"
 			"Location: http://www.example.nl/\n\r"
 			"Cache-Control: private\n\r"
+	},{
+		.input =
+			"HTTP/1.1 200 OK\r\n"
+			"Date: Sun, 07 Ocu 2012 19:52:03 GMT\r\n"
+			"Content-Length: 19\r\n"
+			"Keep-Alive: timeout=15, max=99\r\n"
+			"Connection: Keep-Alive\r\n"
+			"\r\n"
+			"Invalid date header",
+		.flags = HTTP_RESPONSE_PARSE_FLAG_STRICT
 	},{
 		.input =
 			"HTTP/1.1 200 OK\r\n"