Hi, On Mon, Mar 28, 2022 at 1:48 AM LemonBoy <[email protected]> wrote:
> *@LemonBoy* commented on this pull request. > ------------------------------ > > In src/channel.c > <https://github.com/vim/vim/pull/10025#discussion_r836191546>: > > > + * It has the following two fields: > + * > + * Content-Length: ... > + * Content-Type: application/vscode-jsonrpc; charset=utf-8 > + * > + * Each field ends with "\r\n". The header ends with an additional "\r\n". > + */ > + static int > +channel_skip_lsp_http_hdr(js_read_T *reader) > +{ > + char_u *p; > + > + // We find the end once, to avoid calling strlen() many times. > + reader->js_end = reader->js_buf + STRLEN(reader->js_buf); > + > + // skip the HTTP header > > The logic here looks a bit fragile as it assumes a fixed order of header > fields (that's irrelevant according to RFC7320 3.2.2) and a fixed number of > them (the LSP specification only states there's at least one entry "and > that at least one header is mandatory"). > A better solution would be to iterate line by line (terminated by \r\n) > until an empty one is found and parsing/validating each header entry that's > found. > Some validation of the parsed data is also needed as: > > - The Content-Length *must* match the effective payload length > according to the HTTP spec and it can be easily used to check if the given > request has been fully received, delaying the parsing otherwise. > > > > When a Content-Length is given in a message where a message-body is allowed, > its field value MUST exactly match the number of OCTETs in the message-body. > HTTP/1.1 user agents MUST notify the user when an invalid length is received > and detected. > > Thanks for the feedback. I have updated the PR to process the HTTP header correctly and check for these conditions. Let me know if any other cases need to be handled. Regards, Yegappan > > - Content-Type must contain utf8 or utf-8 to make the code more robust > wrt encoding changes. > > > -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/vim_dev/CAAW7x7kMeiuXfUL_jCu8Lgv2AJTW4GJpoP5_USfUwRmQMgq2zQ%40mail.gmail.com.
