Florian Obser([email protected]) on 2019.03.04 09:38:14 +0100:
> On Mon, Mar 04, 2019 at 12:51:28AM +0100, Wolf wrote:
> > Hi,
> > I'm in process of porting acme-client to linux and I might have notice
> > small bug in header parsing in http.c.
> >
> > First, let me warn you that C is not my strongest language, so I might
> > very well be wrong, but is looks to me like if http_head_parse function
> > is just parsing the key-value pairs from the header and doing no
> > manipulation on them.
> >
> > And then http_head_get is used to search for specific header. But it
> > uses just strcmp to try to match the strings, while based on
> > https://tools.ietf.org/html/rfc7230#section-3.2 my understanding is,
> > that field names are supposed to be case-insensitive.
> >
> > So search for Reply-Nonce in netproc.c my as well fail because for
> > server it's perfectly legal to send it as reply-nonce instead.
>
> Indeed, thanks!
> This should fix it:
ok benno@
> (I glanced at relayd and httpd, the other two main http protocol
> speakers and they seem to get this right. Benno?)
relayd does, yes.
> diff --git http.c http.c
> index 79330ae2905..0974182559f 100644
> --- http.c
> +++ http.c
> @@ -442,9 +442,8 @@ http_head_get(const char *v, struct httphead *h, size_t
> hsz)
> size_t i;
>
> for (i = 0; i < hsz; i++) {
> - if (strcmp(h[i].key, v))
> - continue;
> - return &h[i];
> + if (strcasecmp(h[i].key, v) == 0)
> + return &h[i];
> }
> return NULL;
> }
>
>
> >
> > If you don't consider this an issue, please, feel free to just ignore
> > this mail and sorry for bothering you.
> >
> > Have a nice day,
> > W.
> >
> > --
> > There are only two hard things in Computer Science:
> > cache invalidation, naming things and off-by-one errors.
>
>
>
> --
> I'm not entirely sure you are real.
>
