deps: upgrade http_parser to 303c4e4

Upgrade to joyent/http-parser@303c4e4. Changes: * Do not accept PUN/GEM methods as PUT/GET. * Further request method check strengthening.
2013-08-21 03:33:20 +02:00 · 2013-08-21 03:33:20 +02:00 · 8d42c6344b
commit 8d42c6344b
parent af6a2339c5
2 changed files with 30 additions and 9 deletions
--- a/deps/http_parser/http_parser.c
+++ b/deps/http_parser/http_parser.c
@ -936,6 +936,7 @@ size_t http_parser_execute (http_parser *parser,
          } else if (parser->index == 2  && ch == 'P') {
            parser->method = HTTP_COPY;
          } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->method == HTTP_MKCOL) {
@ -948,12 +949,14 @@ size_t http_parser_execute (http_parser *parser,
          } else if (parser->index == 2 && ch == 'A') {
            parser->method = HTTP_MKACTIVITY;
          } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->method == HTTP_SUBSCRIBE) {
          if (parser->index == 1 && ch == 'E') {
            parser->method = HTTP_SEARCH;
          } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->index == 1 && parser->method == HTTP_POST) {
@ -964,13 +967,27 @@ size_t http_parser_execute (http_parser *parser,
          } else if (ch == 'A') {
            parser->method = HTTP_PATCH;
          } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
            goto error;
          }
        } else if (parser->index == 2) {
          if (parser->method == HTTP_PUT) {
-            if (ch == 'R') parser->method = HTTP_PURGE;
+            if (ch == 'R') {
+              parser->method = HTTP_PURGE;
+            } else {
+              SET_ERRNO(HPE_INVALID_METHOD);
+              goto error;
+            }
          } else if (parser->method == HTTP_UNLOCK) {
-            if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE;
+            if (ch == 'S') {
+              parser->method = HTTP_UNSUBSCRIBE;
+            } else {
+              SET_ERRNO(HPE_INVALID_METHOD);
+              goto error;
+            }
+          } else {
+            SET_ERRNO(HPE_INVALID_METHOD);
+            goto error;
          }
        } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
          parser->method = HTTP_PROPPATCH;
--- a/deps/http_parser/test.c
+++ b/deps/http_parser/test.c
@ -3117,14 +3117,8 @@ main (void)

  /// REQUESTS

-  test_simple("hello world", HPE_INVALID_METHOD);
  test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);

-
-  test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
-  test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
-  test_simple("GETA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
-
  // Well-formed but incomplete
  test_simple("GET / HTTP/1.1\r\n"
              "Content-Type: text/plain\r\n"
@ -3167,13 +3161,23 @@ main (void)
  }

  static const char *bad_methods[] = {
+      "ASDF",
      "C******",
+      "COLA",
+      "GEM",
+      "GETA",
      "M****",
+      "MKCOLA",
+      "PROPPATCHA",
+      "PUN",
+      "PX",
+      "SA",
+      "hello world",
      0 };
  for (this_method = bad_methods; *this_method; this_method++) {
    char buf[200];
    sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
-    test_simple(buf, HPE_UNKNOWN);
+    test_simple(buf, HPE_INVALID_METHOD);
  }

  const char *dumbfuck2 =