Browse Source

Let's give a damn about syntactical correctness of peer's http strings. It's too expensive on both sides to check and to reject.

dynamic-accesslists
erdgeist 16 years ago
parent
commit
23be5c4d55
  1. 4
      ot_http.c

4
ot_http.c

@ -504,10 +504,6 @@ ssize_t http_handle_request( const int64 client_socket, char *data, size_t recv_
/* This one implicitely tests strlen < 5, too -- remember, it is \n terminated */ /* This one implicitely tests strlen < 5, too -- remember, it is \n terminated */
if( byte_diff( data, 5, "GET /") ) HTTPERROR_400; if( byte_diff( data, 5, "GET /") ) HTTPERROR_400;
/* Query string MUST terminate with SP -- we know that theres at least a '\n' where this search terminates */
for( c = data + 5; *c!=' ' && *c != '\t' && *c != '\n' && *c != '\r'; ++c ) ;
if( *c != ' ' ) HTTPERROR_400;
/* Skip leading '/' */ /* Skip leading '/' */
for( c = data+4; *c == '/'; ++c); for( c = data+4; *c == '/'; ++c);

Loading…
Cancel
Save