diff options
| author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-08-21 03:33:20 +0200 |
|---|---|---|
| committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-08-21 03:40:43 +0200 |
| commit | 8d42c6344b7a96dbb42dd65e01617028d05d413a (patch) | |
| tree | c0ee8a0185053d65a68057931ef32f39c820ebcb /deps | |
| parent | af6a2339c56e89d7cf999cd64a69842a531c05dc (diff) | |
| download | node-8d42c6344b7a96dbb42dd65e01617028d05d413a.tar.gz | |
deps: upgrade http_parser to 303c4e4
Upgrade to joyent/http-parser@303c4e4. Changes:
* Do not accept PUN/GEM methods as PUT/GET.
* Further request method check strengthening.
Diffstat (limited to 'deps')
| -rw-r--r-- | deps/http_parser/http_parser.c | 21 | ||||
| -rw-r--r-- | deps/http_parser/test.c | 18 |
2 files changed, 30 insertions, 9 deletions
diff --git a/deps/http_parser/http_parser.c b/deps/http_parser/http_parser.c index 5e0a950a6..55d771622 100644 --- a/deps/http_parser/http_parser.c +++ b/deps/http_parser/http_parser.c @@ -936,6 +936,7 @@ size_t http_parser_execute (http_parser *parser, } else if (parser->index == 2 && ch == 'P') { parser->method = HTTP_COPY; } else { + SET_ERRNO(HPE_INVALID_METHOD); goto error; } } else if (parser->method == HTTP_MKCOL) { @@ -948,12 +949,14 @@ size_t http_parser_execute (http_parser *parser, } else if (parser->index == 2 && ch == 'A') { parser->method = HTTP_MKACTIVITY; } else { + SET_ERRNO(HPE_INVALID_METHOD); goto error; } } else if (parser->method == HTTP_SUBSCRIBE) { if (parser->index == 1 && ch == 'E') { parser->method = HTTP_SEARCH; } else { + SET_ERRNO(HPE_INVALID_METHOD); goto error; } } else if (parser->index == 1 && parser->method == HTTP_POST) { @@ -964,13 +967,27 @@ size_t http_parser_execute (http_parser *parser, } else if (ch == 'A') { parser->method = HTTP_PATCH; } else { + SET_ERRNO(HPE_INVALID_METHOD); goto error; } } else if (parser->index == 2) { if (parser->method == HTTP_PUT) { - if (ch == 'R') parser->method = HTTP_PURGE; + if (ch == 'R') { + parser->method = HTTP_PURGE; + } else { + SET_ERRNO(HPE_INVALID_METHOD); + goto error; + } } else if (parser->method == HTTP_UNLOCK) { - if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE; + if (ch == 'S') { + parser->method = HTTP_UNSUBSCRIBE; + } else { + SET_ERRNO(HPE_INVALID_METHOD); + goto error; + } + } else { + SET_ERRNO(HPE_INVALID_METHOD); + goto error; } } else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') { parser->method = HTTP_PROPPATCH; diff --git a/deps/http_parser/test.c b/deps/http_parser/test.c index 81e0c3bdd..46d817bb3 100644 --- a/deps/http_parser/test.c +++ b/deps/http_parser/test.c @@ -3117,14 +3117,8 @@ main (void) /// REQUESTS - test_simple("hello world", HPE_INVALID_METHOD); test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION); - - test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); - test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); - test_simple("GETA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD); - // Well-formed but incomplete test_simple("GET / HTTP/1.1\r\n" "Content-Type: text/plain\r\n" @@ -3167,13 +3161,23 @@ main (void) } static const char *bad_methods[] = { + "ASDF", "C******", + "COLA", + "GEM", + "GETA", "M****", + "MKCOLA", + "PROPPATCHA", + "PUN", + "PX", + "SA", + "hello world", 0 }; for (this_method = bad_methods; *this_method; this_method++) { char buf[200]; sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method); - test_simple(buf, HPE_UNKNOWN); + test_simple(buf, HPE_INVALID_METHOD); } const char *dumbfuck2 = |