Improve wolfIO_HttpProcessResponse HTTP header checking logic.

Modify this function to just ensure that the response header starts with
"HTTP/1.x 200" (where x is 0, 1, etc.).
Hayden Roche
2021-07-06 15:10:18 -07:00
parent 197b959916
commit 7422f07fb5


@@ -1009,6 +1009,8 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap) byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
{ {
static const char HTTP_PROTO[] = "HTTP/1.";
static const char HTTP_STATUS_200[] = "200";
int result = 0; int result = 0;
int len = 0; int len = 0;
char *start, *end; char *start, *end;
@@ -1019,6 +1021,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
phr_http_end phr_http_end
} state = phr_init; } state = phr_init;
WOLFSSL_ENTER("wolfIO_HttpProcessResponse");
*respBuf = NULL; *respBuf = NULL;
start = end = NULL; start = end = NULL;
do { do {
@@ -1082,20 +1086,28 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
switch (state) { switch (state) {
case phr_init: case phr_init:
if (XSTRLEN(start) < 15) { /* 15 is the length of the two /* length of "HTTP/1.x 200" == 12*/
constant strings we're about to if (XSTRLEN(start) < 12) {
compare against. */ WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header "
WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header too short."); "too short.");
return -1; return -1;
} }
if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) { if (XSTRNCASECMP(start, HTTP_PROTO,
start += 9; sizeof(HTTP_PROTO) - 1) != 0) {
if (XSTRNCASECMP(start, "200 OK", 6) != 0) { WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header "
WOLFSSL_MSG("wolfIO_HttpProcessResponse not OK"); "doesn't start with HTTP/1.");
return -1;
}
/* +2 for HTTP minor version and space between version and
* status code. */
start += sizeof(HTTP_PROTO) - 1 + 2 ;
if (XSTRNCASECMP(start, HTTP_STATUS_200,
sizeof(HTTP_STATUS_200) - 1) != 0) {
WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header "
"doesn't have status code 200.");
return -1; return -1;
} }
state = phr_http_start; state = phr_http_start;
}
break; break;
case phr_http_start: case phr_http_start:
case phr_have_length: case phr_have_length:
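Review bot: In the `phr_init` case, the two bytes skipped by `start += sizeof(HTTP_PROTO) - 1 + 2` are never inspected, and the status comparison stops after three characters. A first line whose minor version is not a digit, whose separator is not a space, or whose status code only begins with 200 (a constructed example: `HTTP/1.1 2000`) is therefore accepted as success. Because this line comes from a remote server, I would check before advancing, `if (start[7] < '0' || start[7] > '9' || start[8] != ' ') return -1;`, and after the status compare require `start[3] == ' ' || start[3] == '\0'`. The preceding `XSTRLEN(start) < 12` check keeps all of these indices inside the string or on its terminator. The literal 12 could also be derived from the two new constants, `sizeof(HTTP_PROTO) - 1 + 2 + sizeof(HTTP_STATUS_200) - 1`, so the length check cannot drift from them. The function body starts and ends outside the hunks shown, so how `start` is terminated per line should be confirmed there.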