406923 CR line termination

Do not allow CR only line termination. Respond with 400 bad request.
This commit is contained in:
Greg Wilkins 2013-05-02 10:44:11 +10:00
parent 7da94048fa
commit 58a282d01d
2 changed files with 91 additions and 3 deletions

View File

@ -350,11 +350,15 @@ public class HttpParser implements Parser
ch=_buffer.get(); ch=_buffer.get();
if (_eol == HttpTokens.CARRIAGE_RETURN && ch == HttpTokens.LINE_FEED) if (_eol == HttpTokens.CARRIAGE_RETURN)
{
if (ch == HttpTokens.LINE_FEED)
{ {
_eol=HttpTokens.LINE_FEED; _eol=HttpTokens.LINE_FEED;
continue; continue;
} }
throw new HttpException(HttpStatus.BAD_REQUEST_400);
}
_eol=0; _eol=0;
switch (_state) switch (_state)

View File

@ -23,6 +23,8 @@ import static org.junit.Assert.assertTrue;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import junit.framework.Assert;
import org.eclipse.jetty.io.Buffer; import org.eclipse.jetty.io.Buffer;
import org.eclipse.jetty.io.ByteArrayBuffer; import org.eclipse.jetty.io.ByteArrayBuffer;
import org.eclipse.jetty.io.SimpleBuffers; import org.eclipse.jetty.io.SimpleBuffers;
@ -179,6 +181,88 @@ public class HttpParserTest
assertEquals(5, h); assertEquals(5, h);
} }
@Test
public void testHeaderParseLF() throws Exception
{
StringEndPoint io=new StringEndPoint();
io.setInput(
"GET / HTTP/1.0\012"
+ "Host: localhost\012"
+ "Header1: value1\012"
+ "Header2 : value 2a \012"
+ " value 2b \012"
+ "Header3: \012"
+ "Header4 \012"
+ " value4\012"
+ "Server5: notServer\012"
+ "\012");
ByteArrayBuffer buffer= new ByteArrayBuffer(4096);
SimpleBuffers buffers=new SimpleBuffers(buffer,null);
Handler handler = new Handler();
HttpParser parser= new HttpParser(buffers,io, handler);
parser.parse();
assertEquals("GET", f0);
assertEquals("/", f1);
assertEquals("HTTP/1.0", f2);
assertEquals("Host", hdr[0]);
assertEquals("localhost", val[0]);
assertEquals("Header1", hdr[1]);
assertEquals("value1", val[1]);
assertEquals("Header2", hdr[2]);
assertEquals("value 2a value 2b", val[2]);
assertEquals("Header3", hdr[3]);
assertEquals("", val[3]);
assertEquals("Header4", hdr[4]);
assertEquals("value4", val[4]);
assertEquals("Server5", hdr[5]);
assertEquals("notServer", val[5]);
assertEquals(5, h);
}
@Test
public void testHeaderParseCR() throws Exception
{
StringEndPoint io=new StringEndPoint();
io.setInput(
"GET / HTTP/1.0\015"
+ "Host: localhost\015"
+ "Header1: value1\015"
+ "\015");
ByteArrayBuffer buffer= new ByteArrayBuffer(4096);
SimpleBuffers buffers=new SimpleBuffers(buffer,null);
Handler handler = new Handler();
HttpParser parser= new HttpParser(buffers,io, handler);
try
{
parser.parse();
Assert.fail();
}
catch(HttpException e)
{
assertEquals(400,e._status);
}
io.setInput(
"GET / HTTP/1.0\r\n"
+ "Host: localhost\r\r\n"
+ "Header1: value1\r\n"
+ "\r\n");
parser= new HttpParser(buffers,io, handler);
try
{
parser.parse();
Assert.fail();
}
catch(HttpException e)
{
assertEquals(400,e._status);
}
}
@Test @Test
public void testChunkParse() throws Exception public void testChunkParse() throws Exception
{ {