X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=php_http_header_parser.c;h=f5b88f412f627d796735a5a2ecd19e0c80d2aa6f;hp=7c611c367b256a07ef679ef7d8108b1ee4ce9e0b;hb=b62c3811cac715f7a0e668ee864d57fd730b47b3;hpb=f8659025a8e2442acfd90417ae849eb98c0b927a

diff --git a/php_http_header_parser.c b/php_http_header_parser.c
index 7c611c3..f5b88f4 100644
--- a/php_http_header_parser.c
+++ b/php_http_header_parser.c
@@ -96,6 +96,25 @@ void php_http_header_parser_free(php_http_header_parser_t **parser)
 	}
 }
 
+/* NOTE: 'str' has to be null terminated */
+static void php_http_header_parser_error(size_t valid_len, char *str, size_t len, const char *eol_str TSRMLS_DC)
+{
+	int escaped_len;
+	char *escaped_str;
+
+	escaped_str = php_addcslashes(str, len, &escaped_len, 0, ZEND_STRL("\x0..\x1F\x7F..\xFF") TSRMLS_CC);
+
+	if (valid_len != len && (!eol_str || (str+valid_len) != eol_str)) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", str[valid_len], valid_len, escaped_len, escaped_str);
+	} else if (eol_str) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of line at pos %zu of '%.*s'", eol_str - str, escaped_len, escaped_str);
+	} else {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", len, escaped_len, escaped_str);
+	}
+
+	efree(escaped_str);
+}
+
 STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_buffer_t *buffer, unsigned flags, HashTable *headers, php_http_info_callback_t callback_func, void *callback_arg)
 {
 	TSRMLS_FETCH_FROM_CTX(parser->ts);
@@ -148,20 +167,17 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
 
 					valid_len = strspn(parser->_key.str, PHP_HTTP_HEADER_NAME_CHARS);
 					if (valid_len != parser->_key.len) {
-						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parser headers: unexpected character '0x%02x' at pos %zu of '%.*s'", parser->_key.str[valid_len], valid_len+1, (int) parser->_key.len, parser->_key.str);
+						php_http_header_parser_error(valid_len, parser->_key.str, parser->_key.len, eol_str TSRMLS_CC);
 						PTR_SET(parser->_key.str, NULL);
 						return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
 					}
 					while (PHP_HTTP_IS_CTYPE(space, *++colon) && *colon != '\n' && *colon != '\r');
 					php_http_buffer_cut(buffer, 0, colon - buffer->data);
 					php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_VALUE);
-				} else if (eol_str) {
-					/* injected new line */
-					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '0x%02x' at pos %zu of '%.*s'", *eol_str, eol_str - buffer->data, (int) buffer->used, buffer->data);
-					return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
-				} else if (flags & PHP_HTTP_HEADER_PARSER_CLEANUP) {
-					/* neither reqeust/response line nor header: string */
-					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", buffer->used, (int) buffer->used, buffer->data);
+				} else if (eol_str || (flags & PHP_HTTP_HEADER_PARSER_CLEANUP)) {
+					/* neither reqeust/response line nor 'header:' string, or injected new line or NUL etc. */
+					php_http_buffer_fix(buffer);
+					php_http_header_parser_error(strspn(buffer->data, PHP_HTTP_HEADER_NAME_CHARS), buffer->data, buffer->used, eol_str TSRMLS_CC);
 					return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
 				} else {
 					/* keep feeding */
@@ -230,6 +246,17 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
 			case PHP_HTTP_HEADER_PARSER_STATE_HEADER_DONE:
 				if (parser->_key.str && parser->_val.str) {
 					zval array, **exist;
+					size_t valid_len = strlen(parser->_val.str);
+
+					/* check for truncation */
+					if (valid_len != parser->_val.len) {
+						php_http_header_parser_error(valid_len, parser->_val.str, parser->_val.len, NULL TSRMLS_CC);
+
+						PTR_SET(parser->_key.str, NULL);
+						PTR_SET(parser->_val.str, NULL);
+
+						return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
+					}
 
 					if (!headers && callback_func) {
 						callback_func(callback_arg, &headers, NULL TSRMLS_CC);
@@ -262,7 +289,7 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
 
 php_http_header_parser_state_t php_http_header_parser_parse_stream(php_http_header_parser_t *parser, php_http_buffer_t *buf, php_stream *s, unsigned flags, HashTable *headers, php_http_info_callback_t callback_func, void *callback_arg)
 {
-	php_http_message_parser_state_t state = PHP_HTTP_MESSAGE_PARSER_STATE_START;
+	php_http_header_parser_state_t state = PHP_HTTP_HEADER_PARSER_STATE_START;
 	TSRMLS_FETCH_FROM_CTX(parser->ts);
 
 	if (!buf->data) {