Skip to content
This repository was archived by the owner on Nov 6, 2022. It is now read-only.

Commit ddfa1b3

Browse files
chrisdickinsonbnoordhuis
chrisdickinson
authored and
bnoordhuis
committed
Do not accept PUN/GEM methods as PUT/GET.
* Encountering them returns an error, `HPE_INVALID_METHOD` * Tests have been added.
1 parent ad3b631 commit ddfa1b3

2 files changed

Lines changed: 21 additions & 3 deletions

File tree

http_parser.c

Lines changed: 17 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -954,6 +954,7 @@ size_t http_parser_execute (http_parser *parser,
954954
if (parser->index == 1 && ch == 'E') {
955955
parser->method = HTTP_SEARCH;
956956
} else {
957+
SET_ERRNO(HPE_INVALID_METHOD);
957958
goto error;
958959
}
959960
} else if (parser->index == 1 && parser->method == HTTP_POST) {
@@ -964,13 +965,27 @@ size_t http_parser_execute (http_parser *parser,
964965
} else if (ch == 'A') {
965966
parser->method = HTTP_PATCH;
966967
} else {
968+
SET_ERRNO(HPE_INVALID_METHOD);
967969
goto error;
968970
}
969971
} else if (parser->index == 2) {
970972
if (parser->method == HTTP_PUT) {
971-
if (ch == 'R') parser->method = HTTP_PURGE;
973+
if (ch == 'R') {
974+
parser->method = HTTP_PURGE;
975+
} else {
976+
SET_ERRNO(HPE_INVALID_METHOD);
977+
goto error;
978+
}
972979
} else if (parser->method == HTTP_UNLOCK) {
973-
if (ch == 'S') parser->method = HTTP_UNSUBSCRIBE;
980+
if (ch == 'S') {
981+
parser->method = HTTP_UNSUBSCRIBE;
982+
} else {
983+
SET_ERRNO(HPE_INVALID_METHOD);
984+
goto error;
985+
}
986+
} else {
987+
SET_ERRNO(HPE_INVALID_METHOD);
988+
goto error;
974989
}
975990
} else if (parser->index == 4 && parser->method == HTTP_PROPFIND && ch == 'P') {
976991
parser->method = HTTP_PROPPATCH;

test.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3119,7 +3119,10 @@ main (void)
31193119

31203120
test_simple("hello world", HPE_INVALID_METHOD);
31213121
test_simple("GET / HTP/1.1\r\n\r\n", HPE_INVALID_VERSION);
3122-
3122+
test_simple("GEM / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
3123+
test_simple("PUN / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
3124+
test_simple("PX / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
3125+
test_simple("SA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
31233126

31243127
test_simple("ASDF / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);
31253128
test_simple("PROPPATCHA / HTTP/1.1\r\n\r\n", HPE_INVALID_METHOD);

0 commit comments

Comments
 (0)