Skip to content

Commit

Permalink
[core] ignore empty headers unless pseudo-headers
Browse files Browse the repository at this point in the history
(thx daex)

(reported on IRC)

x-ref:
  "ignore empty headers unless HTTP/2 pseudo-headers"
  https://redmine.lighttpd.net/boards/2/topics/9720
  • Loading branch information
gstrauss committed Apr 2, 2021
1 parent 7a078f5 commit 262561f
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/request.c
Original file line number Diff line number Diff line change
Expand Up @@ -677,9 +677,6 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
if (0 == klen)
return http_request_header_line_invalid(r, 400,
"invalid header key -> 400");
if (0 == vlen)
return http_request_header_line_invalid(r, 400,
"invalid header value -> 400");

if ((hpctx->hlen += klen + vlen + 4) > hpctx->max_request_field_size) {
/*(configurable with server.max-request-field-size; default 8k)*/
Expand All @@ -705,6 +702,9 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
if (!hpctx->pseudo) /*(pseudo header after non-pseudo header)*/
return http_request_header_line_invalid(r, 400,
"invalid pseudo-header -> 400");
if (0 == vlen)
return http_request_header_line_invalid(r, 400,
"invalid header value -> 400");
switch (klen-1) {
case 4:
if (0 == memcmp(k+1, "path", 4)) {
Expand Down Expand Up @@ -778,6 +778,8 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
hpctx->http_parseopts);
if (0 != status) return status;
}
if (0 == vlen)
return 0;

const unsigned int http_header_strict =
(hpctx->http_parseopts & HTTP_PARSEOPT_HEADER_STRICT);
Expand Down Expand Up @@ -836,6 +838,11 @@ http_request_parse_header (request_st * const restrict r, http_header_parse_ctx
* XXX: must ensure that trailers are not disallowed field-names
*/

#if 0
if (0 == vlen)
return 0;
#endif

return 0;
}
}
Expand Down

0 comments on commit 262561f

Please sign in to comment.