}
}
+/* NOTE: 'str' has to be null terminated */
+static void php_http_header_parser_error(size_t valid_len, char *str, size_t len, const char *eol_str TSRMLS_DC)
+{
+ int escaped_len;
+ char *escaped_str;
+
+ escaped_str = php_addcslashes(str, len, &escaped_len, 0, ZEND_STRL("\x0..\x1F\x7F..\xFF") TSRMLS_CC);
+
+ if (valid_len != len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", str[valid_len], valid_len, escaped_len, escaped_str);
+ } else if (eol_str) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", *eol_str, eol_str - str, escaped_len, escaped_str);
+ } else {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", len, escaped_len, escaped_str);
+ }
+
+ efree(escaped_str);
+}
+
STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_buffer_t *buffer, unsigned flags, HashTable *headers, php_http_info_callback_t callback_func, void *callback_arg)
{
TSRMLS_FETCH_FROM_CTX(parser->ts);
#endif
switch (php_http_header_parser_state_pop(parser)) {
case PHP_HTTP_HEADER_PARSER_STATE_FAILURE:
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers");
return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
case PHP_HTTP_HEADER_PARSER_STATE_START: {
php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_HEADER_DONE);
} else if ((colon = memchr(buffer->data, ':', buffer->used)) && (!eol_str || eol_str > colon)) {
/* header: string */
- parser->_key.str = estrndup(buffer->data, parser->_key.len = colon - buffer->data);
+ size_t valid_len;
+
+ parser->_key.len = colon - buffer->data;
+ parser->_key.str = estrndup(buffer->data, parser->_key.len);
+
+ valid_len = strspn(parser->_key.str, PHP_HTTP_HEADER_NAME_CHARS);
+ if (valid_len != parser->_key.len) {
+ php_http_header_parser_error(valid_len, parser->_key.str, parser->_key.len, eol_str TSRMLS_CC);
+ PTR_SET(parser->_key.str, NULL);
+ return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
+ }
while (PHP_HTTP_IS_CTYPE(space, *++colon) && *colon != '\n' && *colon != '\r');
php_http_buffer_cut(buffer, 0, colon - buffer->data);
php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_VALUE);
- } else if (flags & PHP_HTTP_HEADER_PARSER_CLEANUP) {
- /* neither reqeust/response line nor header: string */
+ } else if (eol_str || (flags & PHP_HTTP_HEADER_PARSER_CLEANUP)) {
+ /* neither reqeust/response line nor 'header:' string, or injected new line or NUL etc. */
+ php_http_buffer_fix(buffer);
+ php_http_header_parser_error(strspn(buffer->data, PHP_HTTP_HEADER_NAME_CHARS), buffer->data, buffer->used, eol_str TSRMLS_CC);
return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
} else {
/* keep feeding */
while (1) {
size_t justread = 0;
#if DBG_PARSER
- fprintf(stderr, "#SHP: %s (f:%u)\n", php_http_message_parser_state_name(state), flags);
+ const char *states[] = {"START", "KEY", "VALUE", "VALUE_EX", "HEADER_DONE", "DONE"};
+ fprintf(stderr, "#SHP: %s (f:%u)\n", states[state], flags);
#endif
/* resize if needed */
if (buf->free < 0x1000) {