deps: upgrade http_parser to 303c4e4
Upgrade to joyent/http-parser@303c4e4. Changes: * Do not accept PUN/GEM methods as PUT/GET. * Further request method check strengthening.
parent
af6a2339c5
commit
8d42c6344b
21
deps/http_parser/http_parser.c
vendored
21
deps/http_parser/http_parser.c
vendored
@ -936,6 +936,7 @@ size_t http_parser_execute (http_parser *parser,
|
||||
} else if (parser->index == 2 && ch == 'P') {
|
||||
parser->method = HTTP_COPY;
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else if (parser->method == HTTP_MKCOL) {
|
||||
@ -948,12 +949,14 @@ size_t http_parser_execute (http_parser *parser,
|
||||
} else if (parser->index == 2 && ch == 'A') {
|
||||
parser->method = HTTP_MKACTIVITY;
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else if (parser->method == HTTP_SUBSCRIBE) {
|
||||
if (parser->index == 1 && ch == 'E') {
|
||||
parser->method = HTTP_SEARCH;
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else if (parser->index == 1 && parser->method == HTTP_POST) {
|
||||
@ -964,13 +967,27 @@ size_t http_parser_execute (http_parser *parser,
|
||||
} else if (ch == 'A') {
|
||||
parser->method = HTTP_PATCH;
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else if (parser->index == 2) {
|
||||
if (parser->method == HTTP_PUT) {
|
||||
if (ch == 'R') parser->method = HTTP_PURGE;
|
||||
if (ch == 'R') {
|
||||
parser->method = HTTP_PURGE;
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else if (parser->method == HTTP_UNLOCK) {
|
||||
if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE;
|
||||
if (ch == 'S') {
|
||||
parser->method = HTTP_UNSUBSCRIBE;
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else {
|
||||
SET_ERRNO(HPE_INVALID_METHOD);
|
||||
goto error;
|
||||
}
|
||||
} else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
|
||||
parser->method = HTTP_PROPPATCH;
|
||||
|
18
deps/http_parser/test.c
vendored
18
deps/http_parser/test.c
vendored
@ -3117,14 +3117,8 @@ main (void)
|
||||
|
||||
/// REQUESTS
|
||||
|
||||
test_simple("hello world", HPE_INVALID_METHOD);
|
||||
test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);
|
||||
|
||||
|
||||
test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
|
||||
test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
|
||||
test_simple("GETA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
|
||||
|
||||
// Well-formed but incomplete
|
||||
test_simple("GET / HTTP/1.1\r\n"
|
||||
"Content-Type: text/plain\r\n"
|
||||
@ -3167,13 +3161,23 @@ main (void)
|
||||
}
|
||||
|
||||
static const char *bad_methods[] = {
|
||||
"ASDF",
|
||||
"C******",
|
||||
"COLA",
|
||||
"GEM",
|
||||
"GETA",
|
||||
"M****",
|
||||
"MKCOLA",
|
||||
"PROPPATCHA",
|
||||
"PUN",
|
||||
"PX",
|
||||
"SA",
|
||||
"hello world",
|
||||
0 };
|
||||
for (this_method = bad_methods; *this_method; this_method++) {
|
||||
char buf[200];
|
||||
sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
|
||||
test_simple(buf, HPE_UNKNOWN);
|
||||
test_simple(buf, HPE_INVALID_METHOD);
|
||||
}
|
||||
|
||||
const char *dumbfuck2 =
|
||||
|