On Thu, Oct 21, 2021 at 01:21:33PM +0200, Sebastian Benoit wrote:
> J. K.(openbsd.l...@krottmayer.com) on 2021.10.21 11:55:47 +0200:
> > Hi,
> >
> > I don't know if this is a real issue from OpenBSD's httpd(8).
> > Tried some requests to httpd(8) for the purpose of education.
> >
> > Simple tried the following request:
> >
> > $ telnet 10.42.42.183 80
> > Trying 10.42.42.183...
> > Connected to 10.42.42.183.
> > Escape character is '^]'.
> > GET / HTTP/1.1
> > fasfsdfsfd
> >
> > Here without the colon httpd(8) return an internal server
> > error.
> >
> > Can somebody verify this behavior?
> >
> > Noticed with OpenBSD 7.0. Is this a correct behavior (RFC
> > conform)?
> >
> > Thanks in advance!
> >
> > Kind regrads,
> >
> > J. K.
>
> Hi,
>
> yes. The server should probably answer with a "Bad Request" instead.
>
> Fix below. ok?
OK claudio@
> diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c
> index 732add41283..fce3c21af72 100644
> --- usr.sbin/httpd/server_http.c
> +++ usr.sbin/httpd/server_http.c
> @@ -268,8 +268,14 @@ server_read_http(struct bufferevent *bev, void *arg)
> else if (*key == ' ' || *key == '\t')
> /* Multiline headers wrap with a space or tab */
> value = NULL;
> - else
> + else {
> + /* Not a multiline header, should have a : */
> value = strchr(key, ':');
> + if (value == NULL) {
> + server_abort_http(clt, 400, "malformed");
> + goto abort;
> + }
> + }
> if (value == NULL) {
> if (clt->clt_line == 1) {
> server_abort_http(clt, 400, "malformed");
>
--
:wq Claudio
