simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2025-12-06 11:15:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix parsing: stricter checks for CRLF

Browse source
This commit is contained in:
Simon Cruanes 2024-10-13 20:42:26 -04:00
parent 3dd2a480db
commit d38eb852f8
No known key found for this signature in database
GPG key ID: EBFFF6F283F3A2B4
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/core/headers.ml
View file

@ -50,7 +50,10 @@ let parse_ ~(buf : Buf.t) (bs : IO.Input.t) : t =
let rec loop acc =
match IO.Input.read_line_using_opt ~buf bs with
| None -> raise End_of_file
| Some "" -> assert false
| Some "\r" -> acc
| Some line when line.[String.length line - 1] <> '\r' ->
bad_reqf 400 "bad header line, not ended in CRLF"
| Some line ->
let k, v =
try

3
src/core/request.ml
View file

@ -110,6 +110,9 @@ let parse_req_start ~client_addr ~get_time_s ~buf (bs : IO.Input.t) :
try
let line = IO.Input.read_line_using ~buf bs in
Log.debug (fun k -> k "parse request line: %S" line);
if line <> "" && line.[String.length line - 1] <> '\r' then
bad_reqf 400 "invalid status line, not ending in CRLF";
let start_time = get_time_s () in
let meth, path, version =
try