commit: r1645 - in neon/trunk: src test

joe at manyfish.co.uk joe at manyfish.co.uk
Thu Mar 5 06:48:02 EST 2009


Author: joe
Date: Thu Mar  5 03:48:02 2009
New Revision: 1645

Modified:
   neon/trunk/src/ne_request.c
   neon/trunk/test/request.c

Log:
Be strict in parsing C-L response header:

* src/ne_request.c (ne_begin_request): Fail for a C-L which has trailing
  non-numeric chars, or which is an empty string.

* test/request.c (no_body_empty_clength, no_body_bad_clength): Remove tests.
  (fail_on_invalid): Add tests for invalid C-L.



Modified: neon/trunk/src/ne_request.c
==============================================================================
--- neon/trunk/src/ne_request.c	(original)
+++ neon/trunk/src/ne_request.c	Thu Mar  5 03:48:02 2009
@@ -1,6 +1,6 @@
 /* 
    HTTP request/response handling
-   Copyright (C) 1999-2008, Joe Orton <joe at manyfish.co.uk>
+   Copyright (C) 1999-2009, Joe Orton <joe at manyfish.co.uk>
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Library General Public
@@ -1267,8 +1267,10 @@
     } 
     else if ((value = get_response_header_hv(req, HH_HV_CONTENT_LENGTH,
                                              "content-length")) != NULL) {
-        ne_off_t len = ne_strtoff(value, NULL, 10);
-        if (len != NE_OFFT_MAX && len >= 0) {
+        char *endptr = NULL;
+        ne_off_t len = ne_strtoff(value, &endptr, 10);
+
+        if (*value && len != NE_OFFT_MAX && len >= 0 && endptr && *endptr == '\0') {
             req->resp.mode = R_CLENGTH;
             req->resp.body.clen.total = req->resp.body.clen.remain = len;
         } else {
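Review bot: The new condition still accepts a signed or whitespace-prefixed value, because only the end of the string is validated: if ne_strtoff follows strtol semantics (its definition is not in this hunk), `+5` and `-0` parse with `*endptr == '\0'` and `len >= 0`, although Content-Length is defined as digits only. A client that reads this header more leniently than an intermediary can disagree with it about where the body ends, so I would replace the `*value` test with a first-character digit check: `if (*value >= '0' && *value <= '9' && len != NE_OFFT_MAX && len >= 0 && endptr && *endptr == '\0') {`. Comparing against `NE_OFFT_MAX` also rejects a genuine length of exactly that value; checking `errno == ERANGE` after the call would separate overflow from a valid maximum. The enclosing function starts and ends outside the hunk.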

Modified: neon/trunk/test/request.c
==============================================================================
--- neon/trunk/test/request.c	(original)
+++ neon/trunk/test/request.c	Thu Mar  5 03:48:02 2009
@@ -1,6 +1,6 @@
 /* 
    HTTP request handling tests
-   Copyright (C) 2001-2008, Joe Orton <joe at manyfish.co.uk>
+   Copyright (C) 2001-2009, Joe Orton <joe at manyfish.co.uk>
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -227,7 +227,7 @@
 {
     return expect_response("a", single_serve_string,
 			   RESP200
-			   "Content-Length: 1\r\n"
+			   "Content-Length: \t\t 1 \t\t\r\n"
 			   "\r\n"
 			   "a"
 			   "bbbbbbbbasdasd");
@@ -262,18 +262,6 @@
 			  "Content-Length: 5\r\n\r\n");
 }
 
-static int no_body_empty_clength(void)
-{
-    return expect_no_body("GET", "HTTP/1.1 200 OK\r\n"
-			  "Content-Length:\r\n\r\n");
-}
-
-static int no_body_bad_clength(void)
-{
-    return expect_no_body("GET", "HTTP/1.1 200 OK\r\n"
-			  "Content-Length: foobar\r\n\r\n");
-}
-
 static int no_headers(void)
 {
     return expect_response("abcde", single_serve_string,
@@ -1599,6 +1587,15 @@
         /* negative C-L */
         { RESP200 "Content-Length: -1\r\n" "\r\n" "abcde",
           "Invalid Content-Length" },
+
+        /* invalid C-Ls */
+        { RESP200 "Content-Length: 5, 3\r\n" "\r\n" "abcde",
+          "Invalid Content-Length" },
+        { RESP200 "Content-Length: 5z\r\n" "\r\n" "abcde",
+          "Invalid Content-Length" },
+        { RESP200 "Content-Length: z5\r\n" "\r\n" "abcde",
+          "Invalid Content-Length" },
+
         /* stupidly-large C-L */
         { RESP200 "Content-Length: 99999999999999999999999999\r\n" 
           "\r\n" "abcde",
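Review bot: The added cases do not cover the empty-value path, which the log message says now fails and which the removed no_body_empty_clength test used to exercise, so the `*value` guard in ne_request.c is left without a test. I would add `{ RESP200 "Content-Length:\r\n" "\r\n" "abcde", "Invalid Content-Length" },` next to the `z5` case, assuming an empty header value reaches the parser as an empty string rather than being dropped. A sign-prefixed case such as `Content-Length: +5` would also pin down whether a leading sign is accepted. The table's declaration starts outside the hunk.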
@@ -2225,8 +2222,6 @@
     T(no_body_204),
     T(no_body_304),
     T(no_body_HEAD),
-    T(no_body_empty_clength),
-    T(no_body_bad_clength),
     T(no_headers),
     T(chunks),
     T(te_header),



