J. K.([email protected]) on 2021.10.21 11:55:47 +0200:
> Hi,
>
> I don't know if this is a real issue from OpenBSD's httpd(8).
> Tried some requests to httpd(8) for the purpose of education.
>
> Simple tried the following request:
>
> $ telnet 10.42.42.183 80
> Trying 10.42.42.183...
> Connected to 10.42.42.183.
> Escape character is '^]'.
> GET / HTTP/1.1
> fasfsdfsfd
>
> Here without the colon httpd(8) return an internal server
> error.
>
> Can somebody verify this behavior?
>
> Noticed with OpenBSD 7.0. Is this a correct behavior (RFC
> conform)?
>
> Thanks in advance!
>
> Kind regrads,
>
> J. K.
Hi,
yes. The server should probably answer with a "Bad Request" instead.
Fix below. ok?
diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c
index 732add41283..fce3c21af72 100644
--- usr.sbin/httpd/server_http.c
+++ usr.sbin/httpd/server_http.c
@@ -268,8 +268,14 @@ server_read_http(struct bufferevent *bev, void *arg)
else if (*key == ' ' || *key == '\t')
/* Multiline headers wrap with a space or tab */
value = NULL;
- else
+ else {
+ /* Not a multiline header, should have a : */
value = strchr(key, ':');
+ if (value == NULL) {
+ server_abort_http(clt, 400, "malformed");
+ goto abort;
+ }
+ }
if (value == NULL) {
if (clt->clt_line == 1) {
server_abort_http(clt, 400, "malformed");
