diff options
| author | Dan Winship <danw@src.gnome.org> | 2007-02-12 15:14:08 +0000 |
|---|---|---|
| committer | Dan Winship <danw@src.gnome.org> | 2007-02-12 15:14:08 +0000 |
| commit | ab5c0917cb39a8d7ce630b80504280f5207d7908 (patch) | |
| tree | a39f5167165f55773238f941c994de1ff0ec26b3 | |
| parent | 81f32b5bd943b95c7282935a261a07f61fda094c (diff) | |
| download | libsoup-ab5c0917cb39a8d7ce630b80504280f5207d7908.tar.gz | |
Fix this to handle "\0"-terminated status lines (eg, from WebDAV
* libsoup/soup-headers.c (soup_headers_parse_status_line): Fix
this to handle "\0"-terminated status lines (eg, from WebDAV
responses), like the docs say it does. #406997
(soup_headers_parse): Balance that out by rejecting internal "\0"s
here.
(soup_headers_parse_request, soup_headers_parse_response): Update
docs to warn that @dest may be modified even on error. (This was
always true, it just wasn't documented.)
svn path=/trunk/; revision=909
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | libsoup/soup-headers.c | 17 |
2 files changed, 24 insertions, 4 deletions
@@ -1,3 +1,14 @@ +2007-02-12 Dan Winship <danw@novell.com> + + * libsoup/soup-headers.c (soup_headers_parse_status_line): Fix + this to handle "\0"-terminated status lines (eg, from WebDAV + responses), like the docs say it does. #406997 + (soup_headers_parse): Balance that out by rejecting internal "\0"s + here. + (soup_headers_parse_request, soup_headers_parse_response): Update + docs to warn that @dest may be modified even on error. (This was + always true, it just wasn't documented.) + 2007-01-16 Dan Winship <danw@novell.com> * tests/header-parsing.c (do_request_tests, do_response_tests): diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c index 3467132f..7c6122c9 100644 --- a/libsoup/soup-headers.c +++ b/libsoup/soup-headers.c @@ -23,6 +23,13 @@ soup_headers_parse (const char *str, char *name, *value, *eol, *sol; GSList *hdrs; + /* Technically, the grammar does allow NUL bytes in the + * headers, but this is probably a bug, and if it's not, we + * can't deal with them anyway. + */ + if (memchr (str, '\0', len)) + return FALSE; + /* As per RFC 2616 section 19.3, we treat '\n' as the * line terminator, and '\r', if it appears, merely as * ignorable trailing whitespace. @@ -107,6 +114,8 @@ soup_headers_parse (const char *str, * Parses the headers of an HTTP request in @str and stores the * results in @req_method, @req_path, @ver, and @dest. * + * Beware that @dest may be modified even on failure. + * * Return value: success or failure. **/ gboolean @@ -197,7 +206,7 @@ soup_headers_parse_request (const char *str, * * Parses the HTTP Status-Line string in @status_line into @ver, * @status_code, and @reason_phrase. @status_line must be terminated by - * either '\0' or '\r\n'. + * either "\0" or "\r\n". * * Return value: %TRUE if @status_line was parsed successfully. **/ @@ -235,9 +244,7 @@ soup_headers_parse_status_line (const char *status_line, phrase_start = code_end; while (*phrase_start == ' ' || *phrase_start == '\t') phrase_start++; - phrase_end = strchr (phrase_start, '\n'); - if (!phrase_end) - return FALSE; + phrase_end = phrase_start + strcspn (phrase_start, "\n"); while (phrase_end > phrase_start && (phrase_end[-1] == '\r' || phrase_end[-1] == ' ' || phrase_end[-1] == '\t')) phrase_end--; @@ -260,6 +267,8 @@ soup_headers_parse_status_line (const char *status_line, * Parses the headers of an HTTP response in @str and stores the * results in @ver, @status_code, @reason_phrase, and @dest. * + * Beware that @dest may be modified even on failure. + * * Return value: success or failure. **/ gboolean |