From 8d42c6344b7a96dbb42dd65e01617028d05d413a Mon Sep 17 00:00:00 2001
From: Ben Noordhuis
Date: Wed, 21 Aug 2013 03:33:20 +0200
Subject: [PATCH] deps: upgrade http_parser to 303c4e4
Upgrade to joyent/http-parser@303c4e4.
Changes:
* Do not accept PUN/GEM methods as PUT/GET.
* Further request method check strengthening.
---
 deps/http_parser/http_parser.c | 21 +++++++++++++++++++--
 deps/http_parser/test.c | 18 +++++++++++-------
 2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/deps/http_parser/http_parser.c b/deps/http_parser/http_parser.c
index 5e0a950a6f..55d7716228 100644
--- a/deps/http_parser/http_parser.c
+++ b/deps/http_parser/http_parser.c
@@ -936,6 +936,7 @@ size_t http_parser_execute (http_parser *parser,
 } else if (parser->index == 2 && ch == 'P') {
 parser->method = HTTP_COPY;
 } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
 goto error;
 }
 } else if (parser->method == HTTP_MKCOL) {
@@ -948,12 +949,14 @@ size_t http_parser_execute (http_parser *parser,
 } else if (parser->index == 2 && ch == 'A') {
 parser->method = HTTP_MKACTIVITY;
 } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
 goto error;
 }
 } else if (parser->method == HTTP_SUBSCRIBE) {
 if (parser->index == 1 && ch == 'E') {
 parser->method = HTTP_SEARCH;
 } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
 goto error;
 }
 } else if (parser->index == 1 && parser->method == HTTP_POST) {
@@ -964,13 +967,27 @@ size_t http_parser_execute (http_parser *parser,
 } else if (ch == 'A') {
 parser->method = HTTP_PATCH;
 } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
 goto error;
 }
 } else if (parser->index == 2) {
 if (parser->method == HTTP_PUT) {
- if (ch == 'R') parser->method = HTTP_PURGE;
+ if (ch == 'R') {
+ parser->method = HTTP_PURGE;
+ } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
+ }
 } else if (parser->method == HTTP_UNLOCK) {
- if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE;
+ if (ch == 'S') {
+ parser->method = HTTP_UNSUBSCRIBE;
+ } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
+ }
+ } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
 }
 } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
 parser->method = HTTP_PROPPATCH;
diff --git a/deps/http_parser/test.c b/deps/http_parser/test.c
index 81e0c3bddf..46d817bb38 100644
--- a/deps/http_parser/test.c
+++ b/deps/http_parser/test.c
@@ -3117,14 +3117,8 @@ main (void) /// REQUESTS - test_simple("hello world", HPE_INVALID_METHOD); test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION); - - test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); - test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); - test_simple("GETA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); - // Well-formed but incomplete test_simple("GET / HTTP/1.1\r\n" "Content-Type: text/plain\r\n"
@@ -3167,13 +3161,23 @@ main (void) } static const char *bad_methods[] = { + "ASDF", "C******", + "COLA", + "GEM", + "GETA", "M****", + "MKCOLA", + "PROPPATCHA", + "PUN", + "PX", + "SA", + "hello world", 0 }; for (this_method = bad_methods; *this_method; this_method++) { char buf[200]; sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method); - test_simple(buf, HPE_UNKNOWN); + test_simple(buf, HPE_INVALID_METHOD); } const char *dumbfuck2 =
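Review bot: The new catch-all `else` under `parser->index == 2` (hunk at -964 in http_parser.c) has no comment stating the invariant it enforces, yet it is the branch that stops a near-miss token such as `GEM` from being kept as the method chosen from its leading characters, which is the PUN/GEM case in the commit message. I would add above its `SET_ERRNO` line: `/* At index 2 only PUT->PURGE and UNLOCK->UNSUBSCRIBE may diverge; any other character is an invalid method. */`. A parser that maps an unknown token onto a known method can disagree with a proxy or filter in front of it about which method was sent, so the rule is worth spelling out for whoever adds the next method. The if/else chain starts before this hunk and continues after it, so its final fallback arm cannot be checked from here.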
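Review bot: The extended `bad_methods` table in test.c (hunk at -3167) has no entry that reaches the new UNLOCK reject arm in http_parser.c, the `else` after `ch == 'S'`: `"PUN"` exercises the PUT arm and `"GEM"` the catch-all, but no string in the table starts with `UN`. An entry such as `"UNA",` placed after `"SA",` would pin that branch; the value is constructed, and it assumes a leading `U` selects HTTP_UNLOCK, which this diff does not show. Separately, the loop still formats into `char buf[200]` with `sprintf`, bounded only by the length of the table's literals; `snprintf(buf, sizeof buf, "%s / HTTP/1.1\r\n\r\n", *this_method);` keeps the write bounded as the table grows.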