net/http: support for bad clients that send literal spaces in the request URI? #17995
Description
I've written an HTTP server using Go for XBMC/Kodi clients. Kodi is a widely used open-source media player. In fact Kodi uses webdav, so I've implemented this with x/net/webdav, which is built on the standard net/http.
The problem is that Kodi (and its predecessor, XBMC) will send plain spaces in URIs. They're not encoded as %20. This is certainly a bug- but Apache and Lighttpd accept that, as they parse the request line by finding the first space from the left, everything before that is the HTTP Method, and the first space from the right, everything after that is the HTTP Version, and anything in between is the request URI.
net/http/request.go however just looks for the first and second space:
750 func parseRequestLine(line string) (method, requestURI, proto string, ok bool) {
751 s1 := strings.Index(line, " ")
752 s2 := strings.Index(line[s1+1:], " ")
753 if s1 < 0 || s2 < 0 {
754 return
755 }
756 s2 += s1 + 1
757 return line[:s1], line[s1+1 : s2], line[s2+1:], true
758 }
So it doesn't work with XBMC/Kodi clients, and possibly others.
This can be fixed easily with the following patch:
@@ -750,9 +750,8 @@
func parseRequestLine(line string) (method, requestURI, proto string, ok bool) {
s1 := strings.Index(line, " ")
- s2 := strings.Index(line[s1+1:], " ")
+ s2 := strings.LastIndex(line, " ")
if s1 < 0 || s2 < 0 {
return
}
- s2 += s1 + 1
return line[:s1], line[s1+1 : s2], line[s2+1:], true
}
Now, ofcourse, it is debatable whether net/http should support such buggy clients. So if you think that it should not, just close this bug report.
Thank you.
Mike.