From: Stephan Bosch
Date: Thu, 27 Jul 2017 14:34:34 +0000 (+0200)
Subject: lib-http: message parser: Reject messages with invalid Date header when HTTP_MESSAGE_...
X-Git-Tag: 2.3.0.rc1~1204
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d577bb9027e4ceb19ada88d6884265efa5e16b15;p=thirdparty%2Fdovecot%2Fcore.git
lib-http: message parser: Reject messages with invalid Date header when HTTP_MESSAGE_PARSE_FLAG_STRICT flag is enabled.
---
diff --git a/src/lib-http/http-message-parser.c b/src/lib-http/http-message-parser.c
index 9566f0f188..388763d156 100644
--- a/src/lib-http/http-message-parser.c
+++ b/src/lib-http/http-message-parser.c
@@ -229,7 +229,12 @@ http_message_parse_header(struct http_message_parser *parser,
 Date = HTTP-date
 */
- (void)http_date_parse(data, size, &parser->msg.date);
+ if (!http_date_parse(data, size, &parser->msg.date) &&
+ (parser->flags & HTTP_MESSAGE_PARSE_FLAG_STRICT) != 0) {
+ parser->error = "Invalid Date header";
+ parser->error_code = HTTP_MESSAGE_PARSE_ERROR_BROKEN_MESSAGE;
+ return -1;
+ }
 return 0;
 }
 break;
diff --git a/src/lib-http/test-http-request-parser.c b/src/lib-http/test-http-request-parser.c
index f02b06de77..38a07997c8 100644
--- a/src/lib-http/test-http-request-parser.c
+++ b/src/lib-http/test-http-request-parser.c
@@ -142,6 +142,18 @@ valid_request_parse_tests[] = {
 },
 .version_major = 1, .version_minor = 1,
 .expect_100_continue = TRUE
+ },{ .request =
+ "GET / HTTP/1.1\r\n"
+ "Date: Mon, 09 Kul 2018 02:24:29 GMT\r\n"
+ "Host: example.com\r\n"
+ "\r\n",
+ .method = "GET",
+ .target_raw = "/",
+ .target = {
+ .format = HTTP_REQUEST_TARGET_FORMAT_ORIGIN,
+ .url = { .host = { .name = "example.com" } }
+ },
+ .version_major = 1, .version_minor = 1,
 },{ .request =
 "GET / HTTP/1.1\r\n"
 "Date: Sun, 07 Oct 2012 19:52:03 GMT\r\n"
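Review bot: In `src/lib-http/http-message-parser.c`, the non-strict path now discards a failed `http_date_parse()` without the `(void)` cast that used to mark this as deliberate, and nothing in the hunk says what `parser->msg.date` holds after a failure. Whether `http_date_parse()` leaves its output untouched on failure is not visible here; if it can write a partial value, later logic that reads the message date would act on peer-controlled data that never validated. I would add a comment above the `if`, e.g. `/* lenient mode: an unparseable Date is ignored; msg.date stays as http_date_parse() left it */`, and confirm that contract in `http_date_parse()`. The body of `http_message_parse_header` starts and ends outside the hunk.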
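Review bot: The entry added to `valid_request_parse_tests[]` relies on the misspelt month `Kul` to make the Date header invalid, but nothing marks that as intentional, and the expectation fields do not say what date the parsed request should end up with. A later clean-up could "correct" the month and silently turn this into a copy of the neighbouring valid-Date case. A comment before the entry such as `/* invalid Date (month "Kul") must be ignored when STRICT is not set */` would protect it; the same applies to the `Kul` entry in `invalid_request_parse_tests[]` and to the `Ocu` entries in test-http-response-parser.c. If the test struct can carry an expected date (its definition is outside this hunk), asserting the "no date" value here would pin the lenient behaviour.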
@@ -371,6 +383,14 @@ invalid_request_parse_tests[] = {
 "Transfer-Encoding: cuneiform, chunked\r\n"
 "\r\n",
 .error_code = HTTP_REQUEST_PARSE_ERROR_NOT_IMPLEMENTED
+ },{
+ .request =
+ "GET / HTTP/1.1\r\n"
+ "Date: Mon, 09 Kul 2018 02:24:29 GMT\r\n"
+ "Host: example.com\r\n"
+ "\r\n",
+ .flags = HTTP_REQUEST_PARSE_FLAG_STRICT,
+ .error_code = HTTP_REQUEST_PARSE_ERROR_BROKEN_REQUEST
 },{
 .request =
 "GET / HTTP/1.1\r\n"
diff --git a/src/lib-http/test-http-response-parser.c b/src/lib-http/test-http-response-parser.c
index ddfc9875fe..35296dac5f 100644
--- a/src/lib-http/test-http-response-parser.c
+++ b/src/lib-http/test-http-response-parser.c
@@ -54,6 +54,13 @@ static const struct valid_parse_test_response valid_responses3[] = {
 };
 static const struct valid_parse_test_response valid_responses4[] = {
+ {
+ .status = 200,
+ .payload = "Invalid date header"
+ }
+};
+
+static const struct valid_parse_test_response valid_responses5[] = {
 {
 .status = 200,
 .payload = "Duplicate headers"
@@ -121,6 +128,18 @@ valid_response_parse_tests[] = {
 "Frop!",
 .responses = valid_responses3,
 .responses_count = N_ELEMENTS(valid_responses3)
+ },{
+ .input =
+ "HTTP/1.1 200 OK\r\n"
+ "Date: Sun, 07 Ocu 2012 19:52:03 GMT\r\n"
+ "Content-Length: 19\r\n"
+ "Keep-Alive: timeout=15, max=99\r\n"
+ "Connection: Keep-Alive\r\n"
+ "Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
+ "\r\n"
+ "Invalid date header",
+ .responses = valid_responses4,
+ .responses_count = N_ELEMENTS(valid_responses4)
 },{
 .input =
 "HTTP/1.1 200 OK\r\n"
@@ -133,8 +152,8 @@ valid_response_parse_tests[] = {
 "Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
 "\r\n"
 "Duplicate headers",
- .responses = valid_responses4,
- .responses_count = N_ELEMENTS(valid_responses4)
+ .responses = valid_responses5,
+ .responses_count = N_ELEMENTS(valid_responses5)
 }
 };
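Review bot: The lenient-mode case added to `valid_response_parse_tests[]` (hunk `@@ -121,6 +128,18 @@` of test-http-response-parser.c) carries two Date headers, an invalid `Ocu` one followed by a valid one, so it passes whether the parser ignores the bad value or simply lets the later header overwrite it. The reverse order, a valid Date followed by an invalid one, is where a failed parse could clobber an already accepted value, and neither mode covers it. Consider adding that ordering as a further entry, plus a single-Date lenient entry that mirrors the strict one in `invalid_response_parse_tests[]`. The `valid_responses4` expectation sets only `.status` and `.payload`, so the resulting date is not asserted in this case either.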
@@ -261,6 +280,16 @@ static struct invalid_parse_test invalid_response_parse_tests[] = {
 "HTTP/1.1 302 Found\n\r"
 "Location: http://www.example.nl/\n\r"
 "Cache-Control: private\n\r"
+ },{
+ .input =
+ "HTTP/1.1 200 OK\r\n"
+ "Date: Sun, 07 Ocu 2012 19:52:03 GMT\r\n"
+ "Content-Length: 19\r\n"
+ "Keep-Alive: timeout=15, max=99\r\n"
+ "Connection: Keep-Alive\r\n"
+ "\r\n"
+ "Invalid date header",
+ .flags = HTTP_RESPONSE_PARSE_FLAG_STRICT
 },{
 .input =
 "HTTP/1.1 200 OK\r\n"
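Review bot: The strict-mode entry added to `invalid_response_parse_tests[]` sets only `.input` and `.flags`, so it asserts that parsing fails but not why. The request-side counterpart pins `.error_code = HTTP_REQUEST_PARSE_ERROR_BROKEN_REQUEST`. If `struct invalid_parse_test` has, or can gain, an expected error code (its definition is outside this hunk), pinning the response-side equivalent would stop the test from passing on an unrelated rejection, for example if `Content-Length: 19` and the 19-byte payload ever drift apart. Failing that, a comment such as `/* rejected only because of the invalid Date ("Ocu") under STRICT */` would at least record the intent.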