projects / m6w6 / ext-http / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree | github
raw | patch | inline | side by side (from parent 1: c4c3994)
let the header parser fail more accurately
authorMichael Wallner <mike@php.net>
Mon, 16 Feb 2015 19:24:41 +0000 (20:24 +0100)
committerMichael Wallner <mike@php.net>
Mon, 16 Feb 2015 19:24:41 +0000 (20:24 +0100)
php_http_header.c patch | blob | history
php_http_header_parser.c patch | blob | history
php_http_misc.h patch | blob | history

diff --git a/php_http_header.c b/php_http_header.c
index 92a2de4e49a96c31d076a0e1e77d61534f006d85..5a9ecd3bf136c8bfde5f21f931c45032760fae17 100644 (file)
--- a/php_http_header.c
+++ b/php_http_header.c
@@ -33,12 +33,7 @@ STATUS php_http_header_parse(const char *header, size_t length, HashTable *heade
        php_http_header_parser_dtor(&ctx);
        php_http_buffer_dtor(&buf);
 
-       if (rs == PHP_HTTP_HEADER_PARSER_STATE_FAILURE) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not parse headers");
-               return FAILURE;
-       }
-       
-       return SUCCESS;
+       return rs == PHP_HTTP_HEADER_PARSER_STATE_FAILURE ? FAILURE : SUCCESS;
 }
 
 void php_http_header_to_callback(HashTable *headers, zend_bool crlf, php_http_pass_format_callback_t cb, void *cb_arg TSRMLS_DC)
diff --git a/php_http_header_parser.c b/php_http_header_parser.c
index 1beaaa61db7369034e7f712d986923e4c83c7487..7c611c367b256a07ef679ef7d8108b1ee4ce9e0b 100644 (file)
--- a/php_http_header_parser.c
+++ b/php_http_header_parser.c
@@ -108,6 +108,7 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
 #endif
                switch (php_http_header_parser_state_pop(parser)) {
                        case PHP_HTTP_HEADER_PARSER_STATE_FAILURE:
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers");
                                return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
 
                        case PHP_HTTP_HEADER_PARSER_STATE_START: {
@@ -140,12 +141,27 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
                                        php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_HEADER_DONE);
                                } else if ((colon = memchr(buffer->data, ':', buffer->used)) && (!eol_str || eol_str > colon)) {
                                        /* header: string */
-                                       parser->_key.str = estrndup(buffer->data, parser->_key.len = colon - buffer->data);
+                                       size_t valid_len;
+
+                                       parser->_key.len = colon - buffer->data;
+                                       parser->_key.str = estrndup(buffer->data, parser->_key.len);
+
+                                       valid_len = strspn(parser->_key.str, PHP_HTTP_HEADER_NAME_CHARS);
+                                       if (valid_len != parser->_key.len) {
+                                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parser headers: unexpected character '0x%02x' at pos %zu of '%.*s'", parser->_key.str[valid_len], valid_len+1, (int) parser->_key.len, parser->_key.str);
+                                               PTR_SET(parser->_key.str, NULL);
+                                               return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
+                                       }
                                        while (PHP_HTTP_IS_CTYPE(space, *++colon) && *colon != '\n' && *colon != '\r');
                                        php_http_buffer_cut(buffer, 0, colon - buffer->data);
                                        php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_VALUE);
+                               } else if (eol_str) {
+                                       /* injected new line */
+                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '0x%02x' at pos %zu of '%.*s'", *eol_str, eol_str - buffer->data, (int) buffer->used, buffer->data);
+                                       return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
                                } else if (flags & PHP_HTTP_HEADER_PARSER_CLEANUP) {
                                        /* neither reqeust/response line nor header: string */
+                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", buffer->used, (int) buffer->used, buffer->data);
                                        return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
                                } else {
                                        /* keep feeding */
@@ -255,7 +271,8 @@ php_http_header_parser_state_t php_http_header_parser_parse_stream(php_http_head
        while (1) {
                size_t justread = 0;
 #if DBG_PARSER
-               fprintf(stderr, "#SHP: %s (f:%u)\n", php_http_message_parser_state_name(state), flags);
+               const char *states[] = {"START", "KEY", "VALUE", "VALUE_EX", "HEADER_DONE", "DONE"};
+               fprintf(stderr, "#SHP: %s (f:%u)\n", states[state], flags);
 #endif
                /* resize if needed */
                if (buf->free < 0x1000) {
diff --git a/php_http_misc.h b/php_http_misc.h
index 8e901da3c135e546ebb8f7b6bb239be6756c8a92..cf00f24ef5a71e3d3b21c1a8e0283f2c439e8b97 100644 (file)
--- a/php_http_misc.h
+++ b/php_http_misc.h
@@ -27,6 +27,9 @@
 /* send buffer size */
 #define PHP_HTTP_SENDBUF_SIZE 40960
 
+/* allowed characters of header field names */
+#define PHP_HTTP_HEADER_NAME_CHARS "!#$%&'*+-.^_`|~1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
 /* SLEEP */
 
 #define PHP_HTTP_DIFFSEC (0.001)
Extended HTTP Support