detect empty URIs in requests as bad request, status 400

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@773 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago · ac7db634f6
4 changed files with 36 additions and 1 deletions
--- a/src/buffer.c
+++ b/src/buffer.c
@ -893,6 +893,11 @@ int buffer_path_simplify(buffer *dest, buffer *src)
 	}
 	*(out++) = pre1;

+	if (pre1 == '\0') {
+		dest->used = (out - start) + 1;
+		return 0;
+	}
+
 	while (1) {
 		if (c == '/' || c == '\0') {
 			toklen = out - slash;
--- a/src/request.c
+++ b/src/request.c
@ -483,6 +483,21 @@ int http_request_parse(server *srv, connection *con) {
 	}
 	
 	in_folding = 0;
+
+	if (con->request.uri->used == 1) {
+		con->http_status = 400;
+		con->response.keep_alive = 0;
+		con->keep_alive = 0;
+
+		log_error_write(srv, __FILE__, __LINE__, "s", "no uri specified -> 400");
+		if (srv->srvconf.log_request_header_on_error) {
+			log_error_write(srv, __FILE__, __LINE__, "Sb",
+							"request-header:\n",
+							con->request.request);
+		}
+		return 0;
+	}
+
 	
 	for (; i < con->parse_request->used && !done; i++) {
 		char *cur = con->parse_request->ptr + i;
--- a/tests/core-request.t
+++ b/tests/core-request.t
@ -8,7 +8,7 @@ BEGIN {

 use strict;
 use IO::Socket;
-use Test::More tests => 31;
+use Test::More tests => 33;
 use LightyTest;

 my $tf = LightyTest->new();
@ -259,6 +259,20 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'application/octet-stream' } ];
 ok($tf->handle_http($t) == 0, 'Content-Type - unknown');

+$t->{REQUEST}  = ( <<EOF
+GET  HTTP/1.0
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 400 } ];
+ok($tf->handle_http($t) == 0, 'empty request-URI');
+
+$t->{REQUEST}  = ( <<EOF
+GET /Foo.txt HTTP/1.0
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'uppercase filenames');
+

 ok($tf->stop_proc == 0, "Stopping lighttpd");

--- a/tests/prepare.sh
+++ b/tests/prepare.sh
@ -41,6 +41,7 @@ cp $srcdir/lighttpd.htpasswd $tmpdir/
 cp $srcdir/var-include-sub.conf $tmpdir/../
 touch $tmpdir/servers/www.example.org/pages/image.jpg \
      $tmpdir/servers/www.example.org/pages/image.JPG \
+      $tmpdir/servers/www.example.org/pages/Foo.txt \
      $tmpdir/servers/www.example.org/pages/a

 printf "%-40s" "preparing infrastructure"