1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deps: upgrade http_parser to 303c4e4

Browse Source 
Upgrade to joyent/http-parser@303c4e4. Changes:

  * Do not accept PUN/GEM methods as PUT/GET.
  * Further request method check strengthening.
This commit is contained in:
Ben Noordhuis 2013-08-21 03:33:20 +02:00
parent af6a2339c5
commit 8d42c6344b
2 changed files with 30 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
deps/http_parser/http_parser.c vendored
View File

@ -936,6 +936,7 @@ size_t http_parser_execute (http_parser *parser,
} else if (parser->index == 2 && ch == 'P') { } else if (parser->index == 2 && ch == 'P') {
parser->method = HTTP_COPY; parser->method = HTTP_COPY;
} else { } else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error; goto error;
} }
} else if (parser->method == HTTP_MKCOL) { } else if (parser->method == HTTP_MKCOL) {
@ -948,12 +949,14 @@ size_t http_parser_execute (http_parser *parser,
} else if (parser->index == 2 && ch == 'A') { } else if (parser->index == 2 && ch == 'A') {
parser->method = HTTP_MKACTIVITY; parser->method = HTTP_MKACTIVITY;
} else { } else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error; goto error;
} }
} else if (parser->method == HTTP_SUBSCRIBE) { } else if (parser->method == HTTP_SUBSCRIBE) {
if (parser->index == 1 && ch == 'E') { if (parser->index == 1 && ch == 'E') {
parser->method = HTTP_SEARCH; parser->method = HTTP_SEARCH;
} else { } else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error; goto error;
} }
} else if (parser->index == 1 && parser->method == HTTP_POST) { } else if (parser->index == 1 && parser->method == HTTP_POST) {
@ -964,13 +967,27 @@ size_t http_parser_execute (http_parser *parser,
} else if (ch == 'A') { } else if (ch == 'A') {
parser->method = HTTP_PATCH; parser->method = HTTP_PATCH;
} else { } else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error; goto error;
} }
} else if (parser->index == 2) { } else if (parser->index == 2) {
if (parser->method == HTTP_PUT) { if (parser->method == HTTP_PUT) {
if (ch == 'R') parser->method = HTTP_PURGE; if (ch == 'R') {
parser->method = HTTP_PURGE;
} else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error;
}
} else if (parser->method == HTTP_UNLOCK) { } else if (parser->method == HTTP_UNLOCK) {
if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE; if (ch == 'S') {
parser->method = HTTP_UNSUBSCRIBE;
} else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error;
}
} else {
SET_ERRNO(HPE_INVALID_METHOD);
goto error;
} }
} else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') { } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
parser->method = HTTP_PROPPATCH; parser->method = HTTP_PROPPATCH;

18
deps/http_parser/test.c vendored
View File

@ -3117,14 +3117,8 @@ main (void)
/// REQUESTS /// REQUESTS
test_simple("hello world", HPE_INVALID_METHOD);
test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION); test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);
test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
test_simple("GETA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
// Well-formed but incomplete // Well-formed but incomplete
test_simple("GET / HTTP/1.1\r\n" test_simple("GET / HTTP/1.1\r\n"
"Content-Type: text/plain\r\n" "Content-Type: text/plain\r\n"
@ -3167,13 +3161,23 @@ main (void)
} }
static const char *bad_methods[] = { static const char *bad_methods[] = {
"ASDF",
"C******", "C******",
"COLA",
"GEM",
"GETA",
"M****", "M****",
"MKCOLA",
"PROPPATCHA",
"PUN",
"PX",
"SA",
"hello world",
0 }; 0 };
for (this_method = bad_methods; *this_method; this_method++) { for (this_method = bad_methods; *this_method; this_method++) {
char buf[200]; char buf[200];
sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method); sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
test_simple(buf, HPE_UNKNOWN); test_simple(buf, HPE_INVALID_METHOD);
} }
const char *dumbfuck2 = const char *dumbfuck2 =