buf->terminate(); // does not affect content size
// find the end of headers
- // TODO: Remove? httpReplyParseStep() should do similar checks
const size_t hdr_len = headersEnd(buf->content(), buf->contentSize());
+ // sanity check the start line to see if this is in fact an HTTP message
+ if (!sanityCheckStartLine(buf, hdr_len, error)) {
+ debugs(58,1, HERE << "first line of HTTP message is invalid");
+ // NP: sanityCheck sets *error
+ return false;
+ }
+
// TODO: move to httpReplyParseStep()
if (hdr_len > Config.maxReplyHeaderSize || (hdr_len <= 0 && (size_t)buf->contentSize() > Config.maxReplyHeaderSize)) {
- debugs(58, 1, "HttpMsg::parse: Too large reply header (" <<
- hdr_len << " > " << Config.maxReplyHeaderSize);
+ debugs(58, 1, "HttpMsg::parse: Too large reply header (" << hdr_len << " > " << Config.maxReplyHeaderSize);
*error = HTTP_HEADER_TOO_LARGE;
return false;
}
if (hdr_len <= 0) {
- debugs(58, 3, "HttpMsg::parse: failed to find end of headers " <<
- "(eof: " << eof << ") in '" << buf->content() << "'");
+ debugs(58, 3, "HttpMsg::parse: failed to find end of headers (eof: " << eof << ") in '" << buf->content() << "'");
if (eof) // iff we have seen the end, this is an error
*error = HTTP_INVALID_HEADER;
return false;
}
- if (!sanityCheckStartLine(buf, error)) {
- debugs(58,1, HERE << "first line of HTTP message is invalid");
- *error = HTTP_INVALID_HEADER;
- return false;
- }
-
const int res = httpMsgParseStep(buf->content(), buf->contentSize(), eof);
if (res < 0) { // error
- debugs(58, 3, "HttpMsg::parse: cannot parse isolated headers " <<
- "in '" << buf->content() << "'");
+ debugs(58, 3, "HttpMsg::parse: cannot parse isolated headers in '" << buf->content() << "'");
*error = HTTP_INVALID_HEADER;
return false;
}
if (res == 0) {
- debugs(58, 2, "HttpMsg::parse: strange, need more data near '" <<
- buf->content() << "'");
+ debugs(58, 2, "HttpMsg::parse: strange, need more data near '" << buf->content() << "'");
*error = HTTP_INVALID_HEADER;
return false; // but this should not happen due to headersEnd() above
}
assert(res > 0);
- debugs(58, 9, "HttpMsg::parse success (" << hdr_len << " bytes) " <<
- "near '" << buf->content() << "'");
+ debugs(58, 9, "HttpMsg::parse success (" << hdr_len << " bytes) near '" << buf->content() << "'");
if (hdr_sz != (int)hdr_len) {
debugs(58, 1, "internal HttpMsg::parse vs. headersEnd error: " <<
packerClean(&p);
}
-HttpMsg *
-
// use HTTPMSGLOCK() instead of calling this directly
+HttpMsg *
HttpMsg::_lock()
{
lock_count++;
void firstLineBuf(MemBuf&);
protected:
- virtual bool sanityCheckStartLine(MemBuf *buf, http_status *error) = 0;
+ /**
+ * Validate the message start line is syntactically correct.
+ * Set HTTP error status according to problems found.
+ *
+ * \retval true Status line has no serious problems.
+ * \retval false Status line has a serious problem. Correct response is indicated by error.
+ */
+ virtual bool sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error) = 0;
virtual void packFirstLineInto(Packer * p, bool full_uri) const = 0;
return content_length;
}
-bool HttpReply::sanityCheckStartLine(MemBuf *buf, http_status *error)
+/**
+ * Checks the first line of an HTTP Reply is valid.
+ * currently only checks "HTTP/" exists.
+ *
+ * NP: not all error cases are detected yet. Some are left for detection later in parse.
+ */
+bool
+HttpReply::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error)
{
- if (buf->contentSize() >= protoPrefix.size() && protoPrefix.cmp(buf->content(), protoPrefix.size()) != 0) {
+ // hack warning: using psize instead of size here due to type mismatches with MemBuf.
+
+ // content is long enough to possibly hold a reply
+ // 4 being magic size of a 3-digit number plus space delimiter
+ if ( buf->contentSize() < (protoPrefix.psize() + 4) ) {
+ if (hdr_len > 0)
+ *error = HTTP_INVALID_HEADER;
+ return false;
+ }
+
+ // catch missing or mismatched protocol identifier
+ if (protoPrefix.cmp(buf->content(), protoPrefix.size()) != 0) {
debugs(58, 3, "HttpReply::sanityCheckStartLine: missing protocol prefix (" << protoPrefix.buf() << ") in '" << buf->content() << "'");
*error = HTTP_INVALID_HEADER;
return false;
}
+ // catch missing or negative status value (negative '-' is not a digit)
+ int pos = protoPrefix.psize();
+
+ // skip arbitrary number of digits and a dot in the verion portion
+ while ( pos <= buf->contentSize() && (*(buf->content()+pos) == '.' || xisdigit(*(buf->content()+pos)) ) ) ++pos;
+
+ // catch missing version info
+ if (pos == protoPrefix.psize()) {
+ debugs(58, 3, "HttpReply::sanityCheckStartLine: missing protocol version numbers (ie. " << protoPrefix << "/1.0) in '" << buf->content() << "'");
+ *error = HTTP_INVALID_HEADER;
+ return false;
+ }
+
+ // skip arbitrary number of spaces...
+ while (pos <= buf->contentSize() && (char)*(buf->content()+pos) == ' ') ++pos;
+
+ if (!xisdigit(*(buf->content()+pos))) {
+ debugs(58, 3, "HttpReply::sanityCheckStartLine: missing or invalid status number in '" << buf->content() << "'");
+ *error = HTTP_INVALID_HEADER;
+ return false;
+ }
+
return true;
}
//virtual void unlock(); // only needed for debugging
// returns true on success
- // returns false and sets *error to zero when needs more data
+ // returns false and leaves *error unchanged when needs more data
// returns false and sets *error to a positive http_status code on error
- virtual bool sanityCheckStartLine(MemBuf *buf, http_status *error);
+ virtual bool sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error);
/* public, readable; never update these or their .hdr equivalents directly */
time_t date;
init();
}
+/**
+ * Checks the first line of an HTTP request is valid
+ * currently just checks the request method is present.
+ *
+ * NP: Other errors are left for detection later in the parse.
+ */
bool
-HttpRequest::sanityCheckStartLine(MemBuf *buf, http_status *error)
+HttpRequest::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error)
{
- /*
- * Just see if the request buffer starts with a known
- * HTTP request method. NOTE this whole function is somewhat
- * superfluous and could just go away.
- */
+ // content is long enough to possibly hold a reply
+ // 2 being magic size of a 1-byte request method plus space delimiter
+ if ( buf->contentSize() < 2 ) {
+ // this is ony a real error if the headers apparently complete.
+ if (hdr_len > 0) {
+ *error = HTTP_INVALID_HEADER;
+ }
+ return false;
+ }
+ /* See if the request buffer starts with a known HTTP request method. */
if (METHOD_NONE == HttpRequestMethod(buf->content())) {
debugs(73, 3, "HttpRequest::sanityCheckStartLine: did not find HTTP request method");
+ *error = HTTP_INVALID_HEADER;
return false;
}
protected:
virtual void packFirstLineInto(Packer * p, bool full_uri) const;
- virtual bool sanityCheckStartLine(MemBuf *buf, http_status *error);
+ virtual bool sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error);
virtual void hdrCacheInit();
}
bool
-HttpReply::sanityCheckStartLine(MemBuf *buf, http_status *error)
+HttpReply::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error)
{
fatal ("Not implemented");
return false;
}
bool
-HttpRequest::sanityCheckStartLine(MemBuf *buf, http_status *error)
+HttpRequest::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error)
{
fatal("Not implemented");
return false;
projects / thirdparty / squid.git / commitdiff
