diff options
| -rw-r--r-- | lib/PublicInbox/HTTP.pm | 35 | ||||
| -rw-r--r-- | t/httpd-corner.t | 32 |
2 files changed, 56 insertions, 11 deletions
diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm index df328904..b73ce2d7 100644 --- a/lib/PublicInbox/HTTP.pm +++ b/lib/PublicInbox/HTTP.pm @@ -335,19 +335,31 @@ sub input_tmpfile ($) { sub input_prepare { my ($self, $env) = @_; - my $input; - my $len = $env->{CONTENT_LENGTH}; - if ($len) { - if ($len > $MAX_REQUEST_BUFFER) { - quit($self, 413); - return; - } - $input = input_tmpfile($self); - } elsif (env_chunked($env)) { + my ($input, $len); + + # rfc 7230 3.3.2, 3.3.3,: favor Transfer-Encoding over Content-Length + my $hte = $env->{HTTP_TRANSFER_ENCODING}; + if (defined $hte) { + # rfc7230 3.3.3, point 3 says only chunked is accepted + # as the final encoding. Since neither public-inbox-httpd, + # git-http-backend, or our WWW-related code uses "gzip", + # "deflate" or "compress" as the Transfer-Encoding, we'll + # reject them: + return quit($self, 400) if $hte !~ /\Achunked\z/i; + $len = CHUNK_START; $input = input_tmpfile($self); } else { - $input = $null_io; + $len = $env->{CONTENT_LENGTH}; + if (defined $len) { + # rfc7230 3.3.3.4 + return quit($self, 400) if $len !~ /\A[0-9]+\z/; + + return quit($self, 413) if $len > $MAX_REQUEST_BUFFER; + $input = $len ? input_tmpfile($self) : $null_io; + } else { + $input = $null_io; + } } # TODO: expire idle clients on ENFILE / EMFILE @@ -358,7 +370,7 @@ sub input_prepare { $self->{input_left} = $len || 0; } -sub env_chunked { ($_[0]->{HTTP_TRANSFER_ENCODING} || '') =~ /\bchunked\b/i } +sub env_chunked { ($_[0]->{HTTP_TRANSFER_ENCODING} // '') =~ /\Achunked\z/i } sub err ($$) { eval { $_[0]->{httpd}->{env}->{'psgi.errors'}->print($_[1]."\n") }; @@ -451,6 +463,7 @@ sub quit { my $h = "HTTP/1.1 $status " . status_message($status) . "\r\n\r\n"; $self->write(\$h); $self->close; + undef; # input_prepare expects this } sub close { diff --git a/t/httpd-corner.t b/t/httpd-corner.t index cb813897..c99e5ec7 100644 --- a/t/httpd-corner.t +++ b/t/httpd-corner.t @@ -155,6 +155,38 @@ SKIP: { } { + my $conn = conn_for($sock, '1.1 Transfer-Encoding bogus'); + $conn->write("PUT /sha1 HTTP/1.1\r\nTransfer-Encoding: bogus\r\n\r\n"); + $conn->read(my $buf, 4096); + like($buf, qr!\AHTTP/1\.[0-9] 400 !, 'got 400 response on bogus TE'); +} +{ + my $conn = conn_for($sock, '1.1 Content-Length bogus'); + $conn->write("PUT /sha1 HTTP/1.1\r\nContent-Length: 3.3\r\n\r\n"); + $conn->read(my $buf, 4096); + like($buf, qr!\AHTTP/1\.[0-9] 400 !, 'got 400 response on bad length'); +} + +{ + my $req = "PUT /sha1 HTTP/1.1\r\nContent-Length: 3\r\n" . + "Content-Length: 3\r\n\r\n"; + # this is stricter than it needs to be. Due to the way + # Plack::HTTPParser, PSGI specs, and how hash tables work in common + # languages; it's not possible to tell the difference between folded + # and intentionally bad commas (e.g. "Content-Length: 3, 3") + if (0) { + require Plack::HTTPParser; # XS or pure Perl + require Data::Dumper; + Plack::HTTPParser::parse_http_request($req, my $env = {}); + diag Data::Dumper::Dumper($env); # "Content-Length: 3, 3" + } + my $conn = conn_for($sock, '1.1 Content-Length dupe'); + $conn->write($req); + $conn->read(my $buf, 4096); + like($buf, qr!\AHTTP/1\.[0-9] 400 !, 'got 400 response on dupe length'); +} + +{ my $conn = conn_for($sock, 'chunk with pipeline'); my $n = 10; my $payload = 'b'x$n; |