better error message

author Michael Wallner <mike@php.net>

Tue, 17 Feb 2015 13:02:45 +0000 (14:02 +0100)

committer Michael Wallner <mike@php.net>

Tue, 17 Feb 2015 13:02:45 +0000 (14:02 +0100)
author Michael Wallner <mike@php.net>
Tue, 17 Feb 2015 13:02:45 +0000 (14:02 +0100)
committer Michael Wallner <mike@php.net>
Tue, 17 Feb 2015 13:02:45 +0000 (14:02 +0100)
diff --git a/php_http_header_parser.c b/php_http_header_parser.c

index fdbac18698572bee89d2c316d2405a833b04363b..cea2dbfa67e5a5e09e535327241cfe8f81032fce 100644 (file)
--- a/php_http_header_parser.c
+++ b/php_http_header_parser.c
@@ -104,10 +104,10 @@ static void php_http_header_parser_error(size_t valid_len, char *str, size_t len
  
         escaped_str = php_addcslashes(str, len, &escaped_len, 0, ZEND_STRL("\x0..\x1F\x7F..\xFF") TSRMLS_CC);
  
-       if (valid_len != len) {
+       if (valid_len != len && (!eol_str || (str+valid_len) != eol_str)) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", str[valid_len], valid_len, escaped_len, escaped_str);
         } else if (eol_str) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", *eol_str, eol_str - str, escaped_len, escaped_str);
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of line at pos %zu of '%.*s'", eol_str - str, escaped_len, escaped_str);
         } else {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", len, escaped_len, escaped_str);
         }
@@ -246,6 +246,17 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
                         case PHP_HTTP_HEADER_PARSER_STATE_HEADER_DONE:
                                 if (parser->_key.str && parser->_val.str) {
                                         zval array, **exist;
+                                       size_t valid_len = strlen(parser->_val.str);
+
+                                       /* check for truncation */
+                                       if (valid_len != parser->_val.len) {
+                                               php_http_header_parser_error(valid_len, parser->_val.str, parser->_val.len, NULL TSRMLS_CC);
+
+                                               PTR_SET(parser->_key.str, NULL);
+                                               PTR_SET(parser->_val.str, NULL);
+
+                                               return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
+                                       }
  
                                         if (!headers && callback_func) {
                                                 callback_func(callback_arg, &headers, NULL TSRMLS_CC);
diff --git a/tests/header007.phpt b/tests/header007.phpt

index d565e79192d7205b22498dbe935278c08ad6c6fb..7fb4dd1141a7dc01174d842903677bb13200b796 100644 (file)
--- a/tests/header007.phpt
+++ b/tests/header007.phpt
@@ -17,5 +17,5 @@ Done
  --EXPECTF--
  Test
  
-Warning: http\Header::parse(): Failed to parse headers: unexpected character '\012' at pos 4 of 'wass\nup' in %s on line %d
+Warning: http\Header::parse(): Failed to parse headers: unexpected end of line at pos 4 of 'wass\nup' in %s on line %d
  Done
author	Michael Wallner <mike@php.net>
	Tue, 17 Feb 2015 13:02:45 +0000 (14:02 +0100)
committer	Michael Wallner <mike@php.net>
	Tue, 17 Feb 2015 13:02:45 +0000 (14:02 +0100)
php_http_header_parser.c		patch \| blob \| history
tests/header007.phpt		patch \| blob \| history