Context Navigation

← Previous Changeset
Next Changeset →

Changeset 60

Timestamp:

03/01/2005 10:55:47 AM (4 years ago)

Author:

jan

Message:

fixed #25 by setting all duplicates to 400

Location:

trunk

Files:

: 3 modified

configure.in (modified) (1 diff)
src/request.c (modified) (3 diffs)
tests/run-tests.pl (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/configure.in

r53	r60
381	381	tests/docroot/www/go/Makefile \
382	382	tests/docroot/www/indexfile/Makefile \
	383	tests/docroot/www/expire/Makefile \
383	384	lighttpd.spec distribute.sh cygwin/Makefile cygwin/lighttpd.README
384	385	openwrt/Makefile openwrt/control openwrt/lighttpd.mk])

trunk/src/request.c

r48	r60
733	733	size_t j;
734	734
	735	if (con_length_set) {
	736	con->http_status = 400;
	737	con->keep_alive = 0;
	738
	739	log_error_write(srv, __FILE__, __LINE__, "s",
	740	"duplicate Content-Length-header -> 400");
	741	if (srv->srvconf.log_request_header_on_error) {
	742	log_error_write(srv, __FILE__, __LINE__, "Sb",
	743	"request-header:\n",
	744	con->request.request);
	745	}
	746	return 0;
	747	}
	748
735	749	if (ds->value->used == 0) SEGFAULT();
736	750
…	…
765	779	}
766	780	} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Content-Type")))) {
767		con->request.http_content_type = ds->value->ptr;
	781	/* if dup, only the first one will survive */
	782	if (!con->request.http_content_type) {
	783	con->request.http_content_type = ds->value->ptr;
	784	} else {
	785	con->http_status = 400;
	786	con->keep_alive = 0;
	787
	788	log_error_write(srv, __FILE__, __LINE__, "s",
	789	"duplicate Content-Type-header -> 400");
	790	if (srv->srvconf.log_request_header_on_error) {
	791	log_error_write(srv, __FILE__, __LINE__, "Sb",
	792	"request-header:\n",
	793	con->request.request);
	794	}
	795	return 0;
	796	}
768	797	} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Expect")))) {
769	798	/* HTTP 2616 8.2.3
…	…
782	811	return 0;
783	812	} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Host")))) {
784		con->request.http_host = ds->value;
	813	if (!con->request.http_host) {
	814	con->request.http_host = ds->value;
	815	} else {
	816	con->http_status = 400;
	817	con->keep_alive = 0;
	818
	819	log_error_write(srv, __FILE__, __LINE__, "s",
	820	"duplicate Host-header -> 400");
	821	if (srv->srvconf.log_request_header_on_error) {
	822	log_error_write(srv, __FILE__, __LINE__, "Sb",
	823	"request-header:\n",
	824	con->request.request);
	825	}
	826	return 0;
	827	}
785	828	} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-Modified-Since")))) {
786		con->request.http_if_modified_since = ds->value->ptr;
	829	/* if dup, only the first one will survive */
	830	if (!con->request.http_if_modified_since) {
	831	con->request.http_if_modified_since = ds->value->ptr;
	832	} else {
	833	con->http_status = 400;
	834	con->keep_alive = 0;
	835
	836	log_error_write(srv, __FILE__, __LINE__, "s",
	837	"duplicate If-Modified-Since header -> 400");
	838	if (srv->srvconf.log_request_header_on_error) {
	839	log_error_write(srv, __FILE__, __LINE__, "Sb",
	840	"request-header:\n",
	841	con->request.request);
	842	}
	843	return 0;
	844	}
787	845	} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-None-Match")))) {
788		con->request.http_if_none_match = ds->value->ptr;
	846	/* if dup, only the first one will survive */
	847	if (!con->request.http_if_none_match) {
	848	con->request.http_if_none_match = ds->value->ptr;
	849	} else {
	850	con->http_status = 400;
	851	con->keep_alive = 0;
	852
	853	log_error_write(srv, __FILE__, __LINE__, "s",
	854	"duplicate If-None-Match-header -> 400");
	855	if (srv->srvconf.log_request_header_on_error) {
	856	log_error_write(srv, __FILE__, __LINE__, "Sb",
	857	"request-header:\n",
	858	con->request.request);
	859	}
	860	return 0;
	861	}
789	862	} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Range")))) {
790		/* bytes=.-. */
791
792		if (0 == strncasecmp(ds->value->ptr, "bytes=", 6) &&
793		NULL != strchr(ds->value->ptr+6, '-')) {
	863	if (!con->request.http_range) {
	864	/* bytes=.-. */
	865
	866	if (0 == strncasecmp(ds->value->ptr, "bytes=", 6) &&
	867	NULL != strchr(ds->value->ptr+6, '-')) {
	868
	869	/* if dup, only the first one will survive */
	870	con->request.http_range = ds->value->ptr + 6;
	871	}
	872	} else {
	873	con->http_status = 400;
	874	con->keep_alive = 0;
794	875
795		con->request.http_range = ds->value->ptr + 6;
	876	log_error_write(srv, __FILE__, __LINE__, "s",
	877	"duplicate Host-header -> 400");
	878	if (srv->srvconf.log_request_header_on_error) {
	879	log_error_write(srv, __FILE__, __LINE__, "Sb",
	880	"request-header:\n",
	881	con->request.request);
	882	}
	883	return 0;
796	884	}
797	885	}

trunk/tests/run-tests.pl

r56	r60
3	3	use strict;
4	4	use IO::Socket;
5		use Test::More tests => 114;
	5	use Test::More tests => 120;
6	6
7	7
…	…
511	511
512	512
	513
	514
	515
	516
	517
	518
513	519	print "\nLow-Level Response-Header Parsing - Content-Length:\n";
514	520	@request = ( <<EOF
…	…
529	535
530	536
	537
	538
	539
	540
	541
	542
	543
	544
531	545	print "\nLow-Level Response-Header Parsing - Location:\n";
532	546	@request = ( <<EOF
…	…
543	557	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => 'http://localhost:2048/dummydir/?foo' } );
544	558	ok(handle_http == 0, 'internal redirect in directory + querystring');
	559
	560
	561
	562
	563
	564
	565
	566
	567
	568
545	569
546	570
…	…
765	789
766	790
	791	@request = ( <<EOF
	792	GET / HTTP/1.0
	793	Host: www.example.org
	794	Host: 123.example.org
	795	EOF
	796	);
	797	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } );
	798	ok(handle_http == 0, 'Duplicate Host headers, Bug #25');
	799
	800
	801	@request = ( <<EOF
	802	GET / HTTP/1.0
	803	Content-Length: 5
	804	Content-Length: 4
	805	EOF
	806	);
	807	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } );
	808	ok(handle_http == 0, 'Duplicate Content-Length headers');
	809
	810	@request = ( <<EOF
	811	GET / HTTP/1.0
	812	Content-Type: 5
	813	Content-Type: 4
	814	EOF
	815	);
	816	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } );
	817	ok(handle_http == 0, 'Duplicate Content-Type headers');
	818
	819	@request = ( <<EOF
	820	GET / HTTP/1.0
	821	Range: bytes=5-6
	822	Range: bytes=5-9
	823	EOF
	824	);
	825	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } );
	826	ok(handle_http == 0, 'Duplicate Range headers');
	827
	828	@request = ( <<EOF
	829	GET / HTTP/1.0
	830	If-None-Match: 5
	831	If-None-Match: 4
	832	EOF
	833	);
	834	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } );
	835	ok(handle_http == 0, 'Duplicate If-None-Match headers');
	836
	837	@request = ( <<EOF
	838	GET / HTTP/1.0
	839	If-Modified-Since: 5
	840	If-Modified-Since: 4
	841	EOF
	842	);
	843	@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } );
	844	ok(handle_http == 0, 'Duplicate If-Modified-Since headers');
	845
	846
767	847
768	848

Context Navigation

Changeset 60

Legend:

trunk/configure.in

trunk/src/request.c

trunk/tests/run-tests.pl

Download in other formats: