
[lwip-devel] [bug #58754] httpd.c fix of incorrect null-termination of r


From: Alister Fisher
Subject: [lwip-devel] [bug #58754] httpd.c fix of incorrect null-termination of request-headers and other improvements
Date: Sun, 12 Jul 2020 01:23:16 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

URL:
  <https://savannah.nongnu.org/bugs/?58754>

                 Summary: httpd.c fix of incorrect null-termination of
request-headers and other improvements
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: afisher
            Submitted on: Sun 12 Jul 2020 05:23:15 AM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Change Request
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head

    _______________________________________________________

Details:

http_post_request incorrectly null-terminates the headers at the last header's
CRLF. That CRLF belongs to the last header and is necessary for header-value
searches. http_post_request itself uses a search of CRLF to find the
content-length header's value.
It should null-terminate at the empty-line that immediately follows it.

The improvements include
- Removed second search for request's empty-line.
- Search for headers from start of headers.
- Removed two impossible LWIP_MIN cases.
- Moved struct http_state and struct http_ssi_state to httpd_priv.h to
facilitate adding future features separate to httpd.c, e.g. websockets, which
was suggested by Simon Goldschmidt at
https://savannah.nongnu.org/patch/?9525.
- Removed unnecessary "+ 1" from httpd_req_buf's array definition and added 1
to LWIP_HTTPD_MAX_REQ_LENGTH's default definition.
- Moved http_remove_connection into http_state_eof. Reduces code size.
- Return ERR_ABRT from http_close_or_abort_conn if it calls altcp_abort. No
effect on execution. But more technically correct.
- Misc commenting.

The patch is to c385f31076b27efb8ee37f00cb5568783a58f299, the git head at the
time this bug was submitted.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Sun 12 Jul 2020 05:23:15 AM UTC  Name:
0001-Fix-HTTP-server-null-termination-of-request-headers-.patch  Size: 28KiB  
By: afisher

<http://savannah.nongnu.org/bugs/download.php?file_id=49474>

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?58754>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
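
An added illustration of the termination issue described in the report above; it is not code from lwIP or from the attached patch. The helpers `header_value` and `content_length_after_cut` and the sample request are constructed for this example, and the search is a plain case-sensitive `strstr`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample request; Content-Length is deliberately the last header. */
static const char SAMPLE_REQ[] =
    "POST /upload HTTP/1.1\r\n"
    "Host: device.example\r\n"
    "Content-Length: 11\r\n"
    "\r\n"
    "hello world";

/* Hypothetical helper (not lwIP code): locate a header and require the CRLF
 * that ends its value. Returns the numeric value, or -1 if the header or its
 * terminating CRLF is not inside the NUL-terminated header block. */
static long header_value(const char *hdrs, const char *name)
{
    const char *p = strstr(hdrs, name);
    if (p == NULL) return -1;
    p += strlen(name);
    const char *end = strstr(p, "\r\n");   /* value must be CRLF-terminated */
    if (end == NULL || end == p) return -1;
    return strtol(p, NULL, 10);
}

/* Copy the request, NUL-terminate the header block, then search it.
 * at_empty_line == 0: cut at the last header's own CRLF (the reported bug)
 * at_empty_line == 1: cut at the empty line that follows it (the fix) */
static long content_length_after_cut(int at_empty_line)
{
    char buf[sizeof(SAMPLE_REQ)];
    memcpy(buf, SAMPLE_REQ, sizeof(buf));
    char *crlfcrlf = strstr(buf, "\r\n\r\n");
    if (crlfcrlf == NULL) return -1;       /* headers incomplete */
    crlfcrlf[at_empty_line ? 2 : 0] = '\0';
    return header_value(buf, "Content-Length: ");
}

int main(void)
{
    printf("cut at last header's CRLF: %ld\n", content_length_after_cut(0));
    printf("cut at empty line:         %ld\n", content_length_after_cut(1));
    return 0;
}
```

Cutting at the last header's CRLF removes the terminator that the value search depends on, so a header in last position is not found; cutting at the empty line keeps it.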



