On Mon, Mar 04, 2019 at 12:51:28AM +0100, Wolf wrote:
> Hi,
> I'm in the process of porting acme-client to Linux and I might have noticed
> a small bug in header parsing in http.c.
> 
> First, let me warn you that C is not my strongest language, so I might
> very well be wrong, but it looks to me as if the http_head_parse function
> is just parsing the key-value pairs from the header and doing no
> manipulation on them.
> 
> And then http_head_get is used to search for a specific header. But it
> uses just strcmp to try to match the strings, while based on 
> https://tools.ietf.org/html/rfc7230#section-3.2 my understanding is,
> that field names are supposed to be case-insensitive.
> 
> So the search for Reply-Nonce in netproc.c may as well fail because for
> a server it's perfectly legal to send it as reply-nonce instead.

Indeed, thanks!
This should fix it:

(I glanced at relayd and httpd, the other two main http protocol
speakers and they seem to get this right. Benno?)

diff --git http.c http.c
index 79330ae2905..0974182559f 100644
--- http.c
+++ http.c
@@ -442,9 +442,8 @@ http_head_get(const char *v, struct httphead *h, size_t hsz)
        size_t   i;
 
        for (i = 0; i < hsz; i++) {
-               if (strcmp(h[i].key, v))
-                       continue;
-               return &h[i];
+               if (strcasecmp(h[i].key, v) == 0)
+                       return &h[i];
        }
        return NULL;
 }
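
Review bot: the new strcasecmp() call in the http_head_get() loop is declared by POSIX in <strings.h>, and this diff adds no include line, so confirm http.c already pulls that header in, which matters for the Linux port the report comes from. POSIX also only specifies strcasecmp() case folding for the POSIX locale, so the match is guaranteed to be the ASCII-only comparison that header field names need as long as the program never switches locale; a short comment above the loop saying the lookup is case-insensitive per RFC 7230 section 3.2 would record why strcmp() was wrong here.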


> 
> If you don't consider this an issue, please, feel free to just ignore
> this mail and sorry for bothering you.
> 
> Have a nice day,
> W.
> 
> -- 
> There are only two hard things in Computer Science:
> cache invalidation, naming things and off-by-one errors.



-- 
I'm not entirely sure you are real.
