summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2019-04-19 13:59:58 +0200
committerDenys Vlasenko2019-04-19 13:59:58 +0200
commitad29ba73ee00d4c78b3ab85a6b943a8c63075f50 (patch)
tree379dff42faf0a7eeedde0d7d23f7e3a8980b4122
parentd1a2fa2a4e013960bf56dfef8a71ed2d08fc756b (diff)
downloadbusybox-ad29ba73ee00d4c78b3ab85a6b943a8c63075f50.zip
busybox-ad29ba73ee00d4c78b3ab85a6b943a8c63075f50.tar.gz
httpd: require "HTTP/xyz" at the end of request line
function old new delta handle_incoming_and_exit 2379 2362 -17 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-17) Total: -17 bytes text data bss dec hex filename 981787 485 7296 989568 f1980 busybox_old 981779 485 7296 989560 f1978 busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/httpd.c22
1 files changed, 8 insertions, 14 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 0b5d2b4..f8a1e25 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2128,7 +2128,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
smallint authorized = -1;
#endif
- char http_major_version;
char *HTTP_slash;
/* Allocation of iobuf is postponed until now
@@ -2191,16 +2190,12 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
if (urlp[0] != '/')
send_headers_and_exit(HTTP_BAD_REQUEST);
- /* Find end of URL and parse HTTP version, if any */
-//TODO: maybe just reject all queries which have no " HTTP/xyz" suffix?
-//Then 'http_major_version' can be deleted
- http_major_version = ('0' - 1); /* "less than 0th" version */
- HTTP_slash = strchrnul(urlp, ' ');
+ /* Find end of URL */
+ HTTP_slash = strchr(urlp, ' ');
/* Is it " HTTP/"? */
- if (HTTP_slash[0] && strncmp(HTTP_slash + 1, HTTP_200, 5) == 0) {
- http_major_version = HTTP_slash[6];
- *HTTP_slash++ = '\0';
- }
+ if (!HTTP_slash || strncmp(HTTP_slash + 1, HTTP_200, 5) != 0)
+ send_headers_and_exit(HTTP_BAD_REQUEST);
+ *HTTP_slash++ = '\0';
/* Copy URL from after "GET "/"POST " to stack-allocated char[] */
urlcopy = alloca((HTTP_slash - urlp) + 2 + strlen(index_page));
@@ -2216,6 +2211,8 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
Htaccess_Proxy *proxy_entry = find_proxy_entry(urlcopy);
if (proxy_entry) {
+ if (verbose > 1)
+ bb_error_msg("proxy:%s", urlcopy);
lsa = host2sockaddr(proxy_entry->host_port, 80);
if (!lsa)
send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
@@ -2233,7 +2230,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
prequest, /* "GET" or "POST" */
proxy_entry->url_to, /* "/new/path" */
urlcopy + strlen(proxy_entry->url_from), /* "SFX" */
- HTTP_slash /* HTTP/xyz" or "" */
+ HTTP_slash /* "HTTP/xyz" */
);
cgi_io_loop_and_exit(proxy_fd, proxy_fd, /*max POST length:*/ INT_MAX);
}
@@ -2366,8 +2363,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
#if ENABLE_FEATURE_HTTPD_CGI
total_headers_len = 0;
#endif
- if (http_major_version >= '0') {
- /* Request was with "... HTTP/nXXX", and n >= 0 */
/* Read until blank line */
while (1) {
@@ -2484,7 +2479,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
}
#endif
} /* while extra header reading */
- }
/* We are done reading headers, disable peer timeout */
alarm(0);