examine the first char of header name (fixes kazuho/p5-http-parser-xs#5)

methane · Nov 6, 2012 · 8edde15 · 8edde15
1 parent 46502c0
commit 8edde15
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/picohttpparser.c b/picohttpparser.c
@@ -39,6 +39,16 @@
     toklen = buf - tok_start;			       \
   } while (0)
 
+static const char* token_char_map =
+  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+  "\0\1\1\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0"
+  "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1"
+  "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0"
+  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
 static const char* get_token_to_eol(const char* buf, const char* buf_end,
 				    const char** token, size_t* token_len,
 				    int* ret)
@@ -159,7 +169,11 @@ static const char* parse_headers(const char* buf, const char* buf_end,
       *ret = -1;
       return NULL;
     }
-    if (*num_headers == 0 || ! (*buf == ' ' || *buf == '\t')) {
+    if (! (*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) {
+      if (! token_char_map[(unsigned char)*buf]) {
+	*ret = -1;
+	return NULL;
+      }
       /* parsing name, but do not discard SP before colon, see
        * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */
       headers[*num_headers].name = buf;

diff --git a/test.c b/test.c
@@ -92,6 +92,9 @@ int main(void)
   PARSE("GET /hoge HTTP/1.0\r\n\r\n", strlen("GET /hoge HTTP/1.0\r\n\r\n") - 1,
 	0, "slowloris (complete)");
 
+  PARSE("GET / HTTP/1.0\r\n:a\r\n\r\n", 0, -1, "empty header name");
+  PARSE("GET / HTTP/1.0\r\n :a\r\n\r\n", 0, -1, "header name (space only)");
+
 #undef PARSE
 
   return 0;