File bsc1041216-part2.patch of Package libmicrohttpd.4786

Overview Repositories Revisions Requests Users Attributes Meta

File bsc1041216-part2.patch of Package libmicrohttpd.4786

From e95ec4874da57b153ecea27fa553ae8a19b4a280 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sun, 23 Apr 2017 20:07:10 +0200
Subject: enforce RFC 7230 no-whitespace in header field name rule if
 MHD_USE_PEDANTIC_CHECKS is set

Index: libmicrohttpd-0.9.30/src/examples/minimal_example.c
===================================================================
--- libmicrohttpd-0.9.30.orig/src/examples/minimal_example.c
+++ libmicrohttpd-0.9.30/src/examples/minimal_example.c
@@ -68,7 +68,7 @@ main (int argc, char *const *argv)
       return 1;
     }
   d = MHD_start_daemon (// MHD_USE_SELECT_INTERNALLY | MHD_USE_DEBUG | MHD_USE_POLL,
-			MHD_USE_SELECT_INTERNALLY | MHD_USE_DEBUG,
+			MHD_USE_SELECT_INTERNALLY | MHD_USE_DEBUG | MHD_USE_PEDANTIC_CHECKS,
 			// MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG | MHD_USE_POLL,
 			// MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG,
                         atoi (argv[1]),
Index: libmicrohttpd-0.9.30/src/microhttpd/connection.c
===================================================================
--- libmicrohttpd-0.9.30.orig/src/microhttpd/connection.c
+++ libmicrohttpd-0.9.30/src/microhttpd/connection.c
@@ -1625,6 +1625,22 @@ process_header_line (struct MHD_Connecti
 			      "Received malformed line (no colon), closing connection.\n");
       return MHD_NO;
     }
+  if (0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options))
+    {
+      /* check for whitespace before colon, which is not allowed
+	 by RFC 7230 section 3.2.4; we count space ' ' and
+	 tab '\t', but not '\r\n' as those would have ended the line. */
+      const char *white;
+
+      white = strchr (line, ' ');
+      if ( (NULL != white) &&
+	   (white < colon) )
+	return MHD_NO;
+      white = strchr (line, '\t');
+      if ( (NULL != white) &&
+	   (white < colon) )
+	return MHD_NO;
+    }
   /* zero-terminate header */
   colon[0] = '\0';
   colon++;                      /* advance to value */

Places

File bsc1041216-part2.patch of Package libmicrohttpd.4786

Places