From 5bb1c653ef36011941889a8436a501be8bc19e43 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Thu, 26 Dec 2013 00:08:42 +0900 Subject: [PATCH] src: Omit \r\n sanitization on header value This is because nghttp2 and spdylay now don't allow \r\n in header value. Require spdylay >= 1.2.3. --- configure.ac | 2 +- src/http2.cc | 33 +++++++++++++++++---------------- src/http2.h | 5 +---- src/http2_test.cc | 22 +++++++++------------- 4 files changed, 28 insertions(+), 34 deletions(-) diff --git a/configure.ac b/configure.ac index f529aab9..f2a1a4b7 100644 --- a/configure.ac +++ b/configure.ac @@ -214,7 +214,7 @@ fi AM_CONDITIONAL([HAVE_LIBXML2], [ test "x${have_libxml2}" = "xyes" ]) # spdylay (for src/nghttpx) -PKG_CHECK_MODULES([LIBSPDYLAY], [libspdylay >= 1.2.0], +PKG_CHECK_MODULES([LIBSPDYLAY], [libspdylay >= 1.2.3], [have_spdylay=yes], [have_spdylay=no]) if test "x${have_spdylay}" = "xyes"; then AC_DEFINE([HAVE_SPDYLAY], [1], [Define to 1 if you have `spdylay` library.]) diff --git a/src/http2.cc b/src/http2.cc index b758d4f6..3120d79f 100644 --- a/src/http2.cc +++ b/src/http2.cc @@ -92,27 +92,28 @@ void capitalize(std::string& s, size_t offset) bool check_header_value(const char *value) { - return strpbrk(value, "\r\n") == nullptr; -} - -bool check_header_value(const nghttp2_nv* nv) -{ - size_t i; - for(i = 0; i < nv->valuelen; ++i) { - if(nv->value[i] == '\r' || nv->value[i] == '\n') { - return false; + for(; *value; ++value) { + switch(*value) { + case '\t': + case ' ': + continue; + default: + return true; } } - return true; + return false; } void sanitize_header_value(std::string& s, size_t offset) { - for(size_t i = offset, eoi = s.size(); i < eoi; ++i) { - if(s[i] == '\r' || s[i] == '\n') { - s[i] = ' '; - } - } + // Since both nghttp2 and spdylay do not allow \n and \r in header + // values, we don't have to do this anymore. + + // for(size_t i = offset, eoi = s.size(); i < eoi; ++i) { + // if(s[i] == '\r' || s[i] == '\n') { + // s[i] = ' '; + // } + // } } void copy_url_component(std::string& dest, const http_parser_url *u, int field, @@ -307,7 +308,7 @@ bool value_lws(const nghttp2_nv *nv) bool non_empty_value(const nghttp2_nv* nv) { - return nv && !http2::value_lws(nv) && http2::check_header_value(nv); + return nv && !http2::value_lws(nv); } nghttp2_nv make_nv(const std::string& name, const std::string& value) diff --git a/src/http2.h b/src/http2.h index 6014acaa..b8a19f14 100644 --- a/src/http2.h +++ b/src/http2.h @@ -44,12 +44,9 @@ std::string get_status_string(unsigned int status_code); void capitalize(std::string& s, size_t offset); -// Returns false if |value| contains \r or \n. +// Returns false if |value| is LWS bool check_header_value(const char *value); -// Returns false if |nv->value| contains \r or \n. -bool check_header_value(const nghttp2_nv *nv); - void sanitize_header_value(std::string& s, size_t offset); // Copies the |field| component value from |u| and |url| to the diff --git a/src/http2_test.cc b/src/http2_test.cc index cdab0670..7044aa4f 100644 --- a/src/http2_test.cc +++ b/src/http2_test.cc @@ -204,24 +204,20 @@ void test_http2_build_http1_headers_from_norm_headers(void) "Zulu: 12\r\n"); hdrs.clear(); - auto hd2 = std::vector> - {{"alpha", "bravo\r\ncharlie\r\n"}}; - http2::build_http1_headers_from_norm_headers(hdrs, hd2); - CU_ASSERT(hdrs == "Alpha: bravo charlie \r\n"); + // Both nghttp2 and spdylay do not allow \r and \n in header value + // now. + + // auto hd2 = std::vector> + // {{"alpha", "bravo\r\ncharlie\r\n"}}; + // http2::build_http1_headers_from_norm_headers(hdrs, hd2); + // CU_ASSERT(hdrs == "Alpha: bravo charlie \r\n"); } void test_http2_check_header_value(void) { CU_ASSERT(http2::check_header_value("alpha")); - CU_ASSERT(!http2::check_header_value("alpha\r")); - CU_ASSERT(!http2::check_header_value("alpha\n")); - - nghttp2_nv nv1 = MAKE_NV("alpha", "bravo"); - CU_ASSERT(http2::check_header_value(&nv1)); - nghttp2_nv nv2 = MAKE_NV("alpha", "bravo\r"); - CU_ASSERT(!http2::check_header_value(&nv2)); - nghttp2_nv nv3 = MAKE_NV("alpha", "bravo\n"); - CU_ASSERT(!http2::check_header_value(&nv3)); + CU_ASSERT(!http2::check_header_value(" ")); + CU_ASSERT(!http2::check_header_value("")); } namespace {