diff options
author | Matus Fabian <matfabia@cisco.com> | 2024-08-23 17:35:50 +0200 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2024-08-23 17:59:46 +0000 |
commit | 69123a3f670a41e31b0988583e342a7df028f136 (patch) | |
tree | be00d3ffc3ba9769ea6d36d5c8ef2ec69a8fe9f1 /src/plugins/http/http.c | |
parent | 4306a3e8f4f8016e7571be75b6418b77ee2f701d (diff) |
http: status line parsing fix
Request line must only start with method name and server should
ignore at least one empty line (CRLF) received prior to the
request-line.
Type: fix
Change-Id: Ifebd992dc4c13df1a3fabfcdef9e7ee644150a21
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/http/http.c')
-rw-r--r-- | src/plugins/http/http.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/src/plugins/http/http.c b/src/plugins/http/http.c index f4b330a19fc..b143893f494 100644 --- a/src/plugins/http/http.c +++ b/src/plugins/http/http.c @@ -587,10 +587,10 @@ static int http_parse_request_line (http_conn_t *hc, http_status_code_t *ec) { int i, target_len; - u32 next_line_offset; + u32 next_line_offset, method_offset; /* request-line = method SP request-target SP HTTP-version CRLF */ - i = v_find_index (hc->rx_buf, 0, 0, "\r\n"); + i = v_find_index (hc->rx_buf, 8, 0, "\r\n"); if (i < 0) { clib_warning ("request line incomplete"); @@ -609,24 +609,40 @@ http_parse_request_line (http_conn_t *hc, http_status_code_t *ec) return -1; } + /* + * RFC9112 2.2: + * In the interest of robustness, a server that is expecting to receive and + * parse a request-line SHOULD ignore at least one empty line (CRLF) + * received prior to the request-line. + */ + method_offset = hc->rx_buf[0] == '\r' && hc->rx_buf[1] == '\n' ? 2 : 0; /* parse method */ - if ((i = v_find_index (hc->rx_buf, 0, next_line_offset, "GET ")) >= 0) + if (!memcmp (hc->rx_buf + method_offset, "GET ", 4)) { HTTP_DBG (0, "GET method"); hc->method = HTTP_REQ_GET; - hc->target_path_offset = i + 4; + hc->target_path_offset = method_offset + 4; } - else if ((i = v_find_index (hc->rx_buf, 0, next_line_offset, "POST ")) >= 0) + else if (!memcmp (hc->rx_buf + method_offset, "POST ", 5)) { HTTP_DBG (0, "POST method"); hc->method = HTTP_REQ_POST; - hc->target_path_offset = i + 5; + hc->target_path_offset = method_offset + 5; } else { - clib_warning ("method not implemented: %8v", hc->rx_buf); - *ec = HTTP_STATUS_NOT_IMPLEMENTED; - return -1; + if (hc->rx_buf[method_offset] - 'A' <= 'Z' - hc->rx_buf[method_offset]) + { + clib_warning ("not method name: %8v", hc->rx_buf); + *ec = HTTP_STATUS_BAD_REQUEST; + return -1; + } + else + { + clib_warning ("method not implemented: %8v", hc->rx_buf); + *ec = HTTP_STATUS_NOT_IMPLEMENTED; + return -1; + } } /* find version */ |