diff options
| author | erdgeist <> | 2008-12-05 20:34:24 +0000 |
|---|---|---|
| committer | erdgeist <> | 2008-12-05 20:34:24 +0000 |
| commit | 23be5c4d55d0bf028619064e8d5700dd1af6e1a3 (patch) | |
| tree | 394a06ffe6b84afcce6da06d1673257c4605d502 | |
| parent | 71207993795429e6cef5731c0111e21da7534926 (diff) | |
Let's give a damn about syntactical correctness of peer's http strings. It's too expensive on both sides to check and to reject.
| -rw-r--r-- | ot_http.c | 4 |
1 files changed, 0 insertions, 4 deletions
| @@ -504,10 +504,6 @@ ssize_t http_handle_request( const int64 client_socket, char *data, size_t recv_ | |||
| 504 | /* This one implicitely tests strlen < 5, too -- remember, it is \n terminated */ | 504 | /* This one implicitely tests strlen < 5, too -- remember, it is \n terminated */ |
| 505 | if( byte_diff( data, 5, "GET /") ) HTTPERROR_400; | 505 | if( byte_diff( data, 5, "GET /") ) HTTPERROR_400; |
| 506 | 506 | ||
| 507 | /* Query string MUST terminate with SP -- we know that theres at least a '\n' where this search terminates */ | ||
| 508 | for( c = data + 5; *c!=' ' && *c != '\t' && *c != '\n' && *c != '\r'; ++c ) ; | ||
| 509 | if( *c != ' ' ) HTTPERROR_400; | ||
| 510 | |||
| 511 | /* Skip leading '/' */ | 507 | /* Skip leading '/' */ |
| 512 | for( c = data+4; *c == '/'; ++c); | 508 | for( c = data+4; *c == '/'; ++c); |
| 513 | 509 | ||