On Thu, Jun 30, 2016 at 10:58 AM, Poul-Henning Kamp <phk@freebsd.org> wrote:
>
> commit 0577f3fba200e45c05099427eec01610ee061436
> Author: Poul-Henning Kamp <phk@FreeBSD.org>
> Date: Thu Jun 30 08:56:22 2016 +0000
>
> RFC7230/3.2.4 compliance.
I'm confused about 3.2.4 compliance, when we have a simple grammar to
follow in 3.2:
header-field = field-name ":" OWS field-value OWS
field-name = token
[...]
There is clearly nothing allowed between the semi-colon and the field-name.
> diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
> index f5dbe53..a6934e7 100644
> --- a/bin/varnishd/http1/cache_http1_proto.c
> +++ b/bin/varnishd/http1/cache_http1_proto.c
> @@ -185,6 +185,18 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
> (int)(q - p > 20 ? 20 : q - p), p);
> return (400);
> }
> +
> + for (; p < q; p++) {
> + if (vct_islws(*p)) {
> + VSLb(hp->vsl, SLT_BogoHeader,
> + "Space in header '%.*s'",
> + (int)Tlen(hp->hd[hp->nhd - 1]),
> + hp->hd[hp->nhd - 1].b);
> + return (400);
> + }
> + if (*p == ':')
> + break;
> + }
The grammar for a token (3.2.6) is very straightforward and doesn't
require any kind of jumping/backtracking in the text. I can be
effectively checked in a single loop and that would take care of
spaces too.
Should I send a patch that performs the grammar check and fails with
an "Invalid field-name in header ..." message instead?
Cheers
_______________________________________________
varnish-dev mailing list
varnish-dev@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
>
> commit 0577f3fba200e45c05099427eec01610ee061436
> Author: Poul-Henning Kamp <phk@FreeBSD.org>
> Date: Thu Jun 30 08:56:22 2016 +0000
>
> RFC7230/3.2.4 compliance.
I'm confused about 3.2.4 compliance, when we have a simple grammar to
follow in 3.2:
header-field = field-name ":" OWS field-value OWS
field-name = token
[...]
There is clearly nothing allowed between the semi-colon and the field-name.
> diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c
> index f5dbe53..a6934e7 100644
> --- a/bin/varnishd/http1/cache_http1_proto.c
> +++ b/bin/varnishd/http1/cache_http1_proto.c
> @@ -185,6 +185,18 @@ http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
> (int)(q - p > 20 ? 20 : q - p), p);
> return (400);
> }
> +
> + for (; p < q; p++) {
> + if (vct_islws(*p)) {
> + VSLb(hp->vsl, SLT_BogoHeader,
> + "Space in header '%.*s'",
> + (int)Tlen(hp->hd[hp->nhd - 1]),
> + hp->hd[hp->nhd - 1].b);
> + return (400);
> + }
> + if (*p == ':')
> + break;
> + }
The grammar for a token (3.2.6) is very straightforward and doesn't
require any kind of jumping/backtracking in the text. I can be
effectively checked in a single loop and that would take care of
spaces too.
Should I send a patch that performs the grammar check and fails with
an "Invalid field-name in header ..." message instead?
Cheers
_______________________________________________
varnish-dev mailing list
varnish-dev@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev