[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] branch master updated (1ddb4764 -> a76f989d)
|
From: |
gnunet |
|
Subject: |
[libmicrohttpd] branch master updated (1ddb4764 -> a76f989d) |
|
Date: |
Sun, 15 May 2022 19:30:55 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a change to branch master
in repository libmicrohttpd.
from 1ddb4764 MHD_create_response_empty(): fixed typo
new c4b0c4bc parse_cookie_header(): moved outside error reporting
new 8643dc6b test_parse_cookies: updated to better match RFC 6265
new a76f989d test_parse_cookie: split into two tests
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/microhttpd/connection.c | 68 ++++++-----
src/testcurl/Makefile.am | 4 +
src/testcurl/test_parse_cookies.c | 241 +++++++++++++++++++++++++++++++-------
3 files changed, 242 insertions(+), 71 deletions(-)
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 949e6ec4..5d795b47 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2752,13 +2752,23 @@ connection_add_header (struct MHD_Connection
*connection,
}
+/**
+ * Cookie parsing result
+ */
+enum _MHD_ParseCookie
+{
+ MHD_PARSE_COOKIE_OK = MHD_YES, /**< Success or no cookies in headers */
+ MHD_PARSE_COOKIE_MALFORMED = -1, /**< Invalid cookie header */
+ MHD_PARSE_COOKIE_NO_MEMORY = MHD_NO /**< Not enough memory in the pool */
+};
+
/**
* Parse the cookie header (see RFC 2109).
*
* @param connection connection to parse header of
* @return #MHD_YES for success, #MHD_NO for failure (malformed, out of memory)
*/
-static enum MHD_Result
+static enum _MHD_ParseCookie
parse_cookie_header (struct MHD_Connection *connection)
{
const char *hdr;
@@ -2780,20 +2790,12 @@ parse_cookie_header (struct MHD_Connection *connection)
MHD_HTTP_HEADER_COOKIE),
&hdr,
&hdr_len))
- return MHD_YES;
+ return MHD_PARSE_COOKIE_OK;
cpy = connection_alloc_memory (connection,
hdr_len + 1);
if (NULL == cpy)
- {
-#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- _ ("Not enough memory in pool to parse cookies!\n"));
-#endif
- transmit_error_response_static (connection,
- MHD_HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE,
- REQUEST_TOO_BIG);
- return MHD_NO;
- }
+ return MHD_PARSE_COOKIE_NO_MEMORY;
+
memcpy (cpy,
hdr,
hdr_len);
@@ -2822,13 +2824,13 @@ parse_cookie_header (struct MHD_Connection *connection)
/* value part omitted, use empty string... */
mhd_assert (ekill >= pos);
if (MHD_NO ==
- connection_add_header (connection,
- pos,
- (size_t) (ekill - pos + 1),
- "",
- 0,
- MHD_COOKIE_KIND))
- return MHD_NO;
+ MHD_set_connection_value_n_nocheck_ (connection,
+ MHD_COOKIE_KIND,
+ pos,
+ (size_t) (ekill - pos + 1),
+ "",
+ 0))
+ return MHD_PARSE_COOKIE_NO_MEMORY;
if (old == '\0')
break;
pos = sce + 1;
@@ -2865,16 +2867,16 @@ parse_cookie_header (struct MHD_Connection *connection)
mhd_assert (ekill >= pos);
mhd_assert (end >= equals);
if (MHD_NO ==
- connection_add_header (connection,
- pos,
- (size_t) (ekill - pos + 1),
- equals,
- (size_t) (end - equals),
- MHD_COOKIE_KIND))
- return MHD_NO;
+ MHD_set_connection_value_n_nocheck_ (connection,
+ MHD_COOKIE_KIND,
+ pos,
+ (size_t) (ekill - pos + 1),
+ equals,
+ (size_t) (end - equals)))
+ return MHD_PARSE_COOKIE_NO_MEMORY;
pos = semicolon;
}
- return MHD_YES;
+ return MHD_PARSE_COOKIE_OK;
}
@@ -3618,7 +3620,17 @@ parse_connection_headers (struct MHD_Connection
*connection)
const char *enc;
size_t val_len;
- parse_cookie_header (connection);
+ if (MHD_PARSE_COOKIE_NO_MEMORY == parse_cookie_header (connection))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ _ ("Not enough memory in pool to parse cookies!\n"));
+#endif
+ transmit_error_response_static (connection,
+ MHD_HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE,
+ REQUEST_TOO_BIG);
+ return;
+ }
if ( (1 <= connection->daemon->strict_for_client) &&
(MHD_IS_HTTP_VER_1_1_COMPAT (connection->http_ver)) &&
(MHD_NO ==
diff --git a/src/testcurl/Makefile.am b/src/testcurl/Makefile.am
index cc67b87a..58158b18 100644
--- a/src/testcurl/Makefile.am
+++ b/src/testcurl/Makefile.am
@@ -103,6 +103,7 @@ check_PROGRAMS = \
test_process_headers \
test_process_arguments \
test_parse_cookies \
+ test_parse_cookies_invalid \
test_toolarge_method \
test_toolarge_url \
test_toolarge_request_header_name \
@@ -330,6 +331,9 @@ test_process_headers_SOURCES = \
test_parse_cookies_SOURCES = \
test_parse_cookies.c mhd_has_in_name.h
+test_parse_cookies_invalid_SOURCES = \
+ test_parse_cookies.c mhd_has_in_name.h
+
test_process_arguments_SOURCES = \
test_process_arguments.c mhd_has_in_name.h
diff --git a/src/testcurl/test_parse_cookies.c
b/src/testcurl/test_parse_cookies.c
index d124b3a9..7de83c32 100644
--- a/src/testcurl/test_parse_cookies.c
+++ b/src/testcurl/test_parse_cookies.c
@@ -40,7 +40,7 @@
#include <unistd.h>
#endif
-static int oneone;
+static int use_invalid;
struct CBC
{
@@ -113,10 +113,16 @@ ahc_echo (void *cls,
fprintf (stderr, "'name4' cookie decoded incorrectly.\n");
exit (11);
}
- if (4 != MHD_get_connection_values_n (connection, MHD_COOKIE_KIND,
+ hdr = MHD_lookup_connection_value (connection, MHD_COOKIE_KIND, "name5");
+ if ((hdr == NULL) || (0 != strcmp (hdr, "var_with_=_char")))
+ {
+ fprintf (stderr, "'name5' cookie decoded incorrectly.\n");
+ exit (11);
+ }
+ if (5 != MHD_get_connection_values_n (connection, MHD_COOKIE_KIND,
NULL, NULL))
{
- fprintf (stderr, "The total number of cookie is not four.\n");
+ fprintf (stderr, "The total number of cookie is not five.\n");
exit (12);
}
}
@@ -143,7 +149,7 @@ ahc_echo (void *cls,
static unsigned int port;
static unsigned int
-testExternalGet (int use_invalid)
+testExternalGet (int test_number)
{
struct MHD_Daemon *d;
CURL *c;
@@ -190,48 +196,192 @@ testExternalGet (int use_invalid)
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
- if (0 == use_invalid)
- {
- curl_easy_setopt (c, CURLOPT_COOKIE,
- "name1=var1; name2=var2,name3 ;" \
- "name4=\"var4 with spaces\";" \
- " ; ;; ;");
- }
- else if (1 == use_invalid)
+ if (! use_invalid)
{
- curl_easy_setopt (c, CURLOPT_COOKIE,
- "var1=value1=");
- }
- else if (2 == use_invalid)
- {
- curl_easy_setopt (c, CURLOPT_COOKIE,
- "var1=value1;=;");
- }
- else if (3 == use_invalid)
- {
- curl_easy_setopt (c, CURLOPT_COOKIE,
- "=");
- }
- else if (4 == use_invalid)
- {
- curl_easy_setopt (c, CURLOPT_COOKIE,
- ";=");
- }
- else if (5 == use_invalid)
- {
- curl_easy_setopt (c, CURLOPT_COOKIE,
- "=;");
+ if (0 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1; name2=var2; name3=; " \
+ "name4=\"var4 with spaces\"; " \
+ "name5=var_with_=_char");
+ }
+ else if (1 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1;name2=var2;name3=;" \
+ "name4=\"var4 with spaces\";" \
+ "name5=var_with_=_char");
+ }
+ else if (2 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1; name2=var2; name3=; " \
+ "name4=\"var4 with spaces\"; " \
+ "name5=var_with_=_char\t \t");
+ }
+ else if (3 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1;;name2=var2;;name3=;;" \
+ "name4=\"var4 with spaces\";;" \
+ "name5=var_with_=_char;\t \t");
+ }
+ else if (4 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1 ;name2=var2 ;name3= ;" \
+ "name4=\"var4 with spaces\" ;" \
+ "name5=var_with_=_char ;");
+ }
+ else if (5 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name3=; name1=var1; name2=var2; " \
+ "name5=var_with_=_char;" \
+ "name4=\"var4 with spaces\"");
+ }
+ else if (6 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name2=var2; name1=var1; " \
+ "name5=var_with_=_char; name3=; " \
+ "name4=\"var4 with spaces\";");
+ }
+ else if (7 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name2=var2; name1=var1; " \
+ "name5=var_with_=_char; " \
+ "name4=\"var4 with spaces\"; name3=");
+ }
+ else if (8 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name2=var2; name1=var1; " \
+ "name4=\"var4 with spaces\"; " \
+ "name5=var_with_=_char; name3=;");
+ }
+ else if (9 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ ";;;;;;;;name1=var1; name2=var2; name3=; " \
+ "name4=\"var4 with spaces\"; " \
+ "name5=var_with_=_char");
+ }
+ else if (10 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1; name2=var2; name3=; " \
+ "name4=\"var4 with spaces\"; ; ; ; ; " \
+ "name5=var_with_=_char");
+ }
+ else if (11 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1; name2=var2; name3=; " \
+ "name4=\"var4 with spaces\"; " \
+ "name5=var_with_=_char;;;;;;;;");
+ }
+ else if (12 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name1=var1; name2=var2; " \
+ "name4=\"var4 with spaces\"" \
+ "name5=var_with_=_char; ; ; ; ; name3=");
+ }
+ else if (13 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name5=var_with_=_char ;" \
+ "name1=var1; name2=var2; name3=; " \
+ "name4=\"var4 with spaces\" ");
+ }
+ else if (14 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "name5=var_with_=_char; name4=\"var4 with spaces\";" \
+ "name1=var1; name2=var2; name3=");
+ }
}
- else if (6 == use_invalid)
+ else
{
- curl_easy_setopt (c, CURLOPT_COOKIE,
- "a=b,d=c");
+ if (0 == test_number)
+ {
+ (void) 0; /* No cookie */
+ }
+ else if (1 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "");
+ }
+ else if (2 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ " ");
+ }
+ else if (3 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "\t");
+ }
+ else if (4 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "var=,");
+ }
+ else if (5 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "var=\"\\ \"");
+ }
+ else if (6 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "var=value space");
+ }
+ else if (7 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "var=value\ttab");
+ }
+ else if (8 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "=");
+ }
+ else if (9 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "====");
+ }
+ else if (10 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ ";=");
+ }
+ else if (11 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "var");
+ }
+ else if (12 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "=;");
+ }
+ else if (13 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ "= ;");
+ }
+ else if (14 == test_number)
+ {
+ curl_easy_setopt (c, CURLOPT_COOKIE,
+ ";= ;");
+ }
}
- if (oneone)
- curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- else
- curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+ curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_easy_setopt (c, CURLOPT_TIMEOUT, 150L);
curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 150L);
/* NOTE: use of CONNECTTIMEOUT without also
@@ -363,7 +513,7 @@ main (int argc, char *const *argv)
if ((NULL == argv) || (0 == argv[0]))
return 99;
- oneone = has_in_name (argv[0], "11");
+ use_invalid = has_in_name (argv[0], "_invalid");
if (0 != curl_global_init (CURL_GLOBAL_WIN32))
return 2;
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -371,7 +521,7 @@ main (int argc, char *const *argv)
else
{
port = 1340;
- if (oneone)
+ if (use_invalid)
port += 5;
}
errorCount += testExternalGet (0);
@@ -381,6 +531,11 @@ main (int argc, char *const *argv)
errorCount += testExternalGet (4);
errorCount += testExternalGet (5);
errorCount += testExternalGet (6);
+ errorCount += testExternalGet (7);
+ errorCount += testExternalGet (8);
+ errorCount += testExternalGet (9);
+ errorCount += testExternalGet (10);
+ errorCount += testExternalGet (11);
if (errorCount != 0)
fprintf (stderr, "Error (code: %u)\n", errorCount);
curl_global_cleanup ();
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (1ddb4764 -> a76f989d),
gnunet <=