cmogstored dev/user discussion/issues/patches/etc
* [PATCH 1/2] http: reject non-chunked Transfer-Encoding
  2020-03-17  6:56  5% [PATCH 0/2] improve RFC 7230 conformance Eric Wong
@ 2020-03-17  6:56  7% ` Eric Wong
  0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2020-03-17  6:56 UTC (permalink / raw)
  To: cmogstored-public

RFC 7230 3.3.3, point 3 states:
> If a Transfer-Encoding header field
> is present in a request and the chunked transfer coding is not
> the final encoding, the message body length cannot be determined
> reliably; the server MUST respond with the 400 (Bad Request)
> status code and then close the connection.

And no MogileFS client is known to send "gzip", "deflate", or
"compress" as part of the Transfer-Encoding, so we'll only
accept "chunked".
---
 http_parser.rl       |  6 +++++-
 test/http-parser-1.c |  9 +++++++++
 test/http_put.rb     | 11 +++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/http_parser.rl b/http_parser.rl
index 9f848b0..0685d27 100644
--- a/http_parser.rl
+++ b/http_parser.rl
@@ -112,7 +112,11 @@ static char *skip_header(struct mog_http *http, char *buf, const char *pe)
 		}
 		eor @ { http->_p.has_range = 1; };
 	transfer_encoding_chunked = "Transfer-Encoding:"i sep
-		"chunked"i eor > { http->_p.chunked = 1; };
+		# XXX we don't know how to deal with "gzip", "deflate", or
+		# "compress" as described in RFC 7230, so reject them, here.
+		"chunked"i
+		$! { errno = EINVAL; fbreak; }
+		eor @ { http->_p.chunked = 1; };
 	trailer = "Trailer:"i sep
 		(("Content-MD5"i @ { http->_p.has_md5 = 1; })
 		 | header_name | ',')
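Review bot: The new rule in transfer_encoding_chunked accepts only the bare token "chunked", so a list whose final coding is chunked (for example "gzip, chunked"), which RFC 7230 3.3.3 permits, would also take the `$! { errno = EINVAL; fbreak; }` path. The commit message says this is intentional, but the in-code comment only says the other codings are not understood; suggest the comment state that any value other than exactly "chunked" is rejected, cite section 3.3.3, and drop the "XXX" marker if this is the intended final behavior. The switch from `eor > { ... }` to `eor @ { ... }` for setting http->_p.chunked also changes when the flag is set and deserves a line in the commit message.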
diff --git a/test/http-parser-1.c b/test/http-parser-1.c
index 4b4d4f9..5c19529 100644
--- a/test/http-parser-1.c
+++ b/test/http-parser-1.c
@@ -157,6 +157,15 @@ int main(void)
 		       && "buffer repositioned to body start");
 		assert(!http->_p.usage_txt && "not a usage request");
 	}
+	if ("HTTP/1.1 PUT Transfer-Encoding: bogus header") {
+		buf_set("PUT /foo HTTP/1.1\r\n"
+		        "Host: 127.6.6.6\r\n"
+		        "Transfer-Encoding: bogus\r\n"
+		        "\r\n"
+		        "16\r\npartial...");
+		state = mog_http_parse(http, buf, len);
+		assert(state == MOG_PARSER_ERROR && "parser not errored");
+	}
 
 	if ("HTTP/1.1 PUT with Content-Range") {
 		buf_set("PUT /foo HTTP/1.1\r\n"
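Review bot: The added case only covers "Transfer-Encoding: bogus", which diverges from "chunked" at the first byte, so nothing exercises rejection once the parser is partway through or just past the token. Suggest adding cases for a value that shares a prefix with "chunked" (such as "chunk" or "chunkedx") and for one of the codings named in the parser comment (such as "gzip, chunked"), each asserting `state == MOG_PARSER_ERROR`, so the behavior stated in the commit message is pinned by the test.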
diff --git a/test/http_put.rb b/test/http_put.rb
index 21d65c7..0479629 100644
--- a/test/http_put.rb
+++ b/test/http_put.rb
@@ -160,6 +160,17 @@ def test_put_content_len_overflow
     assert( ! File.exist?("#@tmpdir/dev666/foo") )
   end
 
+  def test_put_bogus
+    max = 0xffffffff << 64
+    req = "PUT /dev666/foo HTTP/1.1\r\n" \
+          "Transfer-Encoding: bogus\r\n" \
+          "\r\n"
+    @client.write(req)
+    resp = @client.read
+    assert_match(%r{\AHTTP/1\.1 400 Bad Request\r\n}, resp)
+    assert( ! File.exist?("#@tmpdir/dev666/foo") )
+  end
+
   def test_put_range_beg_overflow
     max = 0xffffffff << 64
     req = "PUT /dev666/foo HTTP/1.1\r\n" \
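Review bot: `max = 0xffffffff << 64` in test_put_bogus is never used; it looks copied from the neighboring overflow tests and can be dropped. Since the RFC text quoted in the commit message also requires the server to close the connection after the 400, a short comment noting that `@client.read` returning depends on that close (or an explicit EOF check) would make the second half of the requirement visible in the test.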


* [PATCH 0/2] improve RFC 7230 conformance
@ 2020-03-17  6:56  5% Eric Wong
  2020-03-17  6:56  7% ` [PATCH 1/2] http: reject non-chunked Transfer-Encoding Eric Wong
  0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2020-03-17  6:56 UTC (permalink / raw)
  To: cmogstored-public

This ought to provide more consistent behavior with strange,
misbehaving clients and existing proxies, although it's probably
rare for cmogstored itself to be behind an HTTP proxy.

Eric Wong (2):
  http: reject non-chunked Transfer-Encoding
  http: favor chunked over Content-Length

 http_parser.rl       | 17 +++++++++++++++--
 test/http-parser-1.c |  9 +++++++++
 test/http_put.rb     | 27 +++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 2 deletions(-)


Code repositories for project(s) associated with this public inbox

	https://yhbt.net/cmogstored.git/
