Improve wolfIO_HttpProcessResponse HTTP header checking logic.

Modify this function to just ensure that the response header starts with "HTTP 1.x 200" (where x is 0, 1, etc.).
2025-08-01 03:34:39 +02:00 · 2021-07-06 15:10:18 -07:00
parent 197b959916
commit 7422f07fb5
1 changed files with 23 additions and 11 deletions
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -1009,6 +1009,8 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
 int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
    byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
 {
+    static const char HTTP_PROTO[] = "HTTP/1.";
+    static const char HTTP_STATUS_200[] = "200";
    int result = 0;
    int len = 0;
    char *start, *end;
@@ -1019,6 +1021,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
                     phr_http_end
    } state = phr_init;

+    WOLFSSL_ENTER("wolfIO_HttpProcessResponse");
+
    *respBuf = NULL;
    start = end = NULL;
    do {
@@ -1082,20 +1086,28 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,

            switch (state) {
                case phr_init:
-                    if (XSTRLEN(start) < 15) { /* 15 is the length of the two
-                                          constant strings we're about to
-                                          compare against. */
-                        WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header too short.");
+                    /* length of "HTTP/1.x 200" == 12*/
+                    if (XSTRLEN(start) < 12) {
+                        WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header "
+                            "too short.");
                        return -1;
                    }
-                    if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
-                        start += 9;
-                        if (XSTRNCASECMP(start, "200 OK", 6) != 0) {
-                            WOLFSSL_MSG("wolfIO_HttpProcessResponse not OK");
-                            return -1;
-                        }
-                        state = phr_http_start;
+                    if (XSTRNCASECMP(start, HTTP_PROTO,
+                                     sizeof(HTTP_PROTO) - 1) != 0) {
+                        WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header "
+                            "doesn't start with HTTP/1.");
+                        return -1;
                    }
+                    /* +2 for HTTP minor version and space between version and
+                     * status code. */
+                    start += sizeof(HTTP_PROTO) - 1 + 2 ;
+                    if (XSTRNCASECMP(start, HTTP_STATUS_200,
+                                     sizeof(HTTP_STATUS_200) - 1) != 0) {
+                        WOLFSSL_MSG("wolfIO_HttpProcessResponse HTTP header "
+                            "doesn't have status code 200.");
+                        return -1;
+                    }
+                    state = phr_http_start;
                    break;
                case phr_http_start:
                case phr_have_length: