cmogstored dev/user discussion/issues/patches/etc
From: Eric Wong <e@yhbt.net>
To: cmogstored-public@yhbt.net
Subject: [PATCH 1/2] http: reject non-chunked Transfer-Encoding
Date: Tue, 17 Mar 2020 06:56:51 +0000
Message-ID: <20200317065652.10324-2-e@yhbt.net>
In-Reply-To: <20200317065652.10324-1-e@yhbt.net>

RFC 7230 3.3.3, point 3 states:
> If a Transfer-Encoding header field
> is present in a request and the chunked transfer coding is not
> the final encoding, the message body length cannot be determined
> reliably; the server MUST respond with the 400 (Bad Request)
> status code and then close the connection.

And no MogileFS client is known to send "gzip", "deflate", or
"compress" as part of the Transfer-Encoding, so we'll only
accept "chunked".
---
 http_parser.rl       |  6 +++++-
 test/http-parser-1.c |  9 +++++++++
 test/http_put.rb     | 11 +++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/http_parser.rl b/http_parser.rl
index 9f848b0..0685d27 100644
--- a/http_parser.rl
+++ b/http_parser.rl
@@ -112,7 +112,11 @@ static char *skip_header(struct mog_http *http, char *buf, const char *pe)
 		}
 		eor @ { http->_p.has_range = 1; };
 	transfer_encoding_chunked = "Transfer-Encoding:"i sep
-		"chunked"i eor > { http->_p.chunked = 1; };
+		# XXX we don't know how to deal with "gzip", "deflate", or
+		# "compress" as described in RFC 7230, so reject them, here.
+		"chunked"i
+		$! { errno = EINVAL; fbreak; }
+		eor @ { http->_p.chunked = 1; };
 	trailer = "Trailer:"i sep
 		(("Content-MD5"i @ { http->_p.has_md5 = 1; })
 		 | header_name | ',')
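
Review bot: the $! error action is attached only to the "chunked"i literal, so it is not clear from this hunk that a value which starts with chunked but continues, e.g. "Transfer-Encoding: chunked, gzip" (chunked not the final encoding, the exact case the quoted RFC text requires a 400 for), also sets EINVAL when the mismatch happens inside eor. Consider attaching the action to the whole "chunked"i eor sequence, or add a test with that input to pin the behaviour down. The XXX comment could also say that lists ending in chunked, such as "gzip, chunked", are rejected on purpose, since the RFC would allow them and only the commit message explains why they are refused.
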
diff --git a/test/http-parser-1.c b/test/http-parser-1.c
index 4b4d4f9..5c19529 100644
--- a/test/http-parser-1.c
+++ b/test/http-parser-1.c
@@ -157,6 +157,15 @@ int main(void)
 		       && "buffer repositioned to body start");
 		assert(!http->_p.usage_txt && "not a usage request");
 	}
+	if ("HTTP/1.1 PUT Transfer-Encoding: bogus header") {
+		buf_set("PUT /foo HTTP/1.1\r\n"
+		        "Host: 127.6.6.6\r\n"
+		        "Transfer-Encoding: bogus\r\n"
+		        "\r\n"
+		        "16\r\npartial...");
+		state = mog_http_parse(http, buf, len);
+		assert(state == MOG_PARSER_ERROR && "parser not errored");
+	}
 
 	if ("HTTP/1.1 PUT with Content-Range") {
 		buf_set("PUT /foo HTTP/1.1\r\n"
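
Review bot: the new "Transfer-Encoding: bogus" case asserts only on the returned state, while the grammar change touches two other things: errno and http->_p.chunked. Adding assert(errno == EINVAL) and assert(!http->_p.chunked) after the mog_http_parse() call would catch a regression where the error comes from some other path or where the chunked flag is set before the value is fully validated. A second case with a value that has chunked as a prefix only (for example "chunked, gzip") would cover the boundary between the literal and eor.
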
diff --git a/test/http_put.rb b/test/http_put.rb
index 21d65c7..0479629 100644
--- a/test/http_put.rb
+++ b/test/http_put.rb
@@ -160,6 +160,17 @@ def test_put_content_len_overflow
     assert( ! File.exist?("#@tmpdir/dev666/foo") )
   end
 
+  def test_put_bogus
+    max = 0xffffffff << 64
+    req = "PUT /dev666/foo HTTP/1.1\r\n" \
+          "Transfer-Encoding: bogus\r\n" \
+          "\r\n"
+    @client.write(req)
+    resp = @client.read
+    assert_match(%r{\AHTTP/1\.1 400 Bad Request\r\n}, resp)
+    assert( ! File.exist?("#@tmpdir/dev666/foo") )
+  end
+
   def test_put_range_beg_overflow
     max = 0xffffffff << 64
     req = "PUT /dev666/foo HTTP/1.1\r\n" \
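
Review bot: in test_put_bogus the line "max = 0xffffffff << 64" is never used; it looks copied from the neighbouring overflow tests and can be dropped. The RFC text quoted in the commit message also requires the server to close the connection after the 400; @client.read only returns at EOF so the close is covered implicitly, but a short comment saying so would make that intent visible to the next reader.
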
