From 21f7beb95f0a71f3bc62a91b7802ebdebcc549a0 Mon Sep 17 00:00:00 2001 From: Michael Wallner Date: Tue, 17 Feb 2015 11:19:12 +0100 Subject: [PATCH] better errors from the headers parser --- php_http_header_parser.c | 32 ++++++++++++++++++++++++-------- tests/header007.phpt | 2 +- tests/info001.phpt | 6 +++--- tests/info002.phpt | 4 ++-- 4 files changed, 30 insertions(+), 14 deletions(-) diff --git a/php_http_header_parser.c b/php_http_header_parser.c index 7c611c3..fdbac18 100644 --- a/php_http_header_parser.c +++ b/php_http_header_parser.c @@ -96,6 +96,25 @@ void php_http_header_parser_free(php_http_header_parser_t **parser) } } +/* NOTE: 'str' has to be null terminated */ +static void php_http_header_parser_error(size_t valid_len, char *str, size_t len, const char *eol_str TSRMLS_DC) +{ + int escaped_len; + char *escaped_str; + + escaped_str = php_addcslashes(str, len, &escaped_len, 0, ZEND_STRL("\x0..\x1F\x7F..\xFF") TSRMLS_CC); + + if (valid_len != len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", str[valid_len], valid_len, escaped_len, escaped_str); + } else if (eol_str) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", *eol_str, eol_str - str, escaped_len, escaped_str); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", len, escaped_len, escaped_str); + } + + efree(escaped_str); +} + STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_buffer_t *buffer, unsigned flags, HashTable *headers, php_http_info_callback_t callback_func, void *callback_arg) { TSRMLS_FETCH_FROM_CTX(parser->ts); @@ -148,20 +167,17 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b valid_len = strspn(parser->_key.str, PHP_HTTP_HEADER_NAME_CHARS); if (valid_len != parser->_key.len) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parser headers: unexpected character '0x%02x' at pos %zu of '%.*s'", parser->_key.str[valid_len], valid_len+1, (int) parser->_key.len, parser->_key.str); + php_http_header_parser_error(valid_len, parser->_key.str, parser->_key.len, eol_str TSRMLS_CC); PTR_SET(parser->_key.str, NULL); return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE); } while (PHP_HTTP_IS_CTYPE(space, *++colon) && *colon != '\n' && *colon != '\r'); php_http_buffer_cut(buffer, 0, colon - buffer->data); php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_VALUE); - } else if (eol_str) { - /* injected new line */ - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '0x%02x' at pos %zu of '%.*s'", *eol_str, eol_str - buffer->data, (int) buffer->used, buffer->data); - return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE); - } else if (flags & PHP_HTTP_HEADER_PARSER_CLEANUP) { - /* neither reqeust/response line nor header: string */ - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", buffer->used, (int) buffer->used, buffer->data); + } else if (eol_str || (flags & PHP_HTTP_HEADER_PARSER_CLEANUP)) { + /* neither reqeust/response line nor 'header:' string, or injected new line or NUL etc. */ + php_http_buffer_fix(buffer); + php_http_header_parser_error(strspn(buffer->data, PHP_HTTP_HEADER_NAME_CHARS), buffer->data, buffer->used, eol_str TSRMLS_CC); return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE); } else { /* keep feeding */ diff --git a/tests/header007.phpt b/tests/header007.phpt index aa91901..d565e79 100644 --- a/tests/header007.phpt +++ b/tests/header007.phpt @@ -17,5 +17,5 @@ Done --EXPECTF-- Test -Warning: http\Header::parse(): Could not parse headers in %s on line %d +Warning: http\Header::parse(): Failed to parse headers: unexpected character '\012' at pos 4 of 'wass\nup' in %s on line %d Done diff --git a/tests/info001.phpt b/tests/info001.phpt index 370d70e..8209669 100644 --- a/tests/info001.phpt +++ b/tests/info001.phpt @@ -24,15 +24,15 @@ var_dump(new http\Message("GET / HTTP/1.1")); ?> DONE --EXPECTF-- -exception 'http\Exception\BadMessageException' with message 'Could not parse message: GET HTTP/1.1' in %s +exception 'http\Exception\BadMessageException' with message 'http\Message::__construct(): Failed to parse headers: unexpected character '\040' at pos 3 of 'GET HTTP/1.1'' in %s Stack trace: #0 %s: http\Message->__construct('GET HTTP/1.1') #1 {main} -exception 'http\Exception\BadMessageException' with message 'Could not parse message: GET HTTP/1.123' in %s +exception 'http\Exception\BadMessageException' with message 'http\Message::__construct(): Failed to parse headers: unexpected character '\040' at pos 3 of 'GET HTTP/1.123'' in %s Stack trace: #0 %s: http\Message->__construct('GET HTTP/1.123') #1 {main} -exception 'http\Exception\BadMessageException' with message 'Could not parse message: GETHTTP/1.1' in %s +exception 'http\Exception\BadMessageException' with message 'http\Message::__construct(): Failed to parse headers: unexpected character '\057' at pos 7 of 'GETHTTP/1.1'' %s Stack trace: #0 %s: http\Message->__construct('GETHTTP/1.1') #1 {main} diff --git a/tests/info002.phpt b/tests/info002.phpt index 41bd7b4..72690e4 100644 --- a/tests/info002.phpt +++ b/tests/info002.phpt @@ -32,13 +32,13 @@ echo new http\Message("CONNECT www.example.org:80 HTTP/1.1"); ===DONE=== --EXPECTF-- Test -exception 'http\Exception\BadMessageException' with message 'Could not parse message: HTTP/1.1 99 Apples in my ' in %sinfo002.php:%d +exception 'http\Exception\BadMessageException' with message 'http\Message::__construct(): Failed to parse headers: unexpected character '\057' at pos 4 of 'HTTP/1.1 99 Apples in my Basket'' in %sinfo002.php:%d Stack trace: #0 %sinfo002.php(%d): http\Message->__construct('HTTP/1.1 99 App...') #1 %sinfo002.php(%d): {closure}() #2 %sinfo002.php(%d): trap(Object(Closure)) #3 {main} -exception 'http\Exception\BadMessageException' with message 'Could not parse message: CONNECT HTTP/1.1' in %sinfo002.php:%d +exception 'http\Exception\BadMessageException' with message 'http\Message::__construct(): Failed to parse headers: unexpected character '\040' at pos 7 of 'CONNECT HTTP/1.1'' in %sinfo002.php:%d Stack trace: #0 %sinfo002.php(%d): http\Message->__construct('CONNECT HTTP/1....') #1 %sinfo002.php(%d): {closure}() -- 2.30.2