81 Commits (a2cc330fb495cb6b6fc76389e0f72e3d6cec6104)

Author SHA1 Message Date
Stefan Bühler a2cc330fb4 [core] header parsing: use goto for error handling 4 years ago
Stefan Bühler 725d951247 [core] explicitly return 0 instead of constant result 4 years ago
Stefan Bühler ed0054c2d3 [core] split parsing header line into separate function 4 years ago
Glenn Strauss d161f53de0 [core] security: use-after-free invalid Range req 4 years ago
Glenn Strauss 3eb7902e10 [core] server.http-parseopts URL normalization opt (fixes #1720) 4 years ago
Glenn Strauss c56b21084e [core] http_kv.[ch] method, status, version str 4 years ago
Glenn Strauss 04d76e7afd [core] some header cleanup 4 years ago
Glenn Strauss cd2b51cb1a [core] fix CONNECT w strict header parsing enabled 5 years ago
Glenn Strauss e6564641d8 [core] remove unused func 5 years ago
Glenn Strauss 1367f60626 [core] isolate sock_addr manipulation 5 years ago
Glenn Strauss 60b5826849 [core] stricter validation of request-URI begin 5 years ago
Glenn Strauss fa1eef0071 [core] permit LF to end lines if !header-strict 5 years ago
Glenn Strauss 513887fa52 [core] URI scheme is case-insensitive 5 years ago
Glenn Strauss 9bc61f16cb [core] attempt to quiet coverity false positives 5 years ago
Glenn Strauss 86bb8be2c8 [core] perf: skip redundant strlen() if len known 5 years ago
Glenn Strauss 40f72a41b9 [core] omit default port from normalized host str 5 years ago
Glenn Strauss a448886485 [core] inet_pton(), inet_ntop() on (sock_addr *) 5 years ago
Glenn Strauss 1104afc49b [core] export http_request_host_policy() for reuse 5 years ago
Glenn Strauss a53f662a30 [core] remove some unused header includes 5 years ago
Glenn Strauss 14890c1c89 [core] remove redundant Content-Length digit check 5 years ago
Glenn Strauss 37dac9a23c [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438) 6 years ago
Glenn Strauss 4d7f5737f1 [core] support Transfer-Encoding: chunked req body (fixes #2156) 6 years ago
Glenn Strauss 8047c2f448 fix errors detected by Coverity Scan 6 years ago
Glenn Strauss 38139fa1a9 [core] permit IPv6 address scope identifier 6 years ago
Glenn Strauss fe02be7e34 [core] make server.max-request-size scopeable (fixes #1901) 6 years ago
Glenn Strauss 28841bfc3d [core] fix server.max-request-size to be precise (fixes #2131) 6 years ago
Glenn Strauss 72b133f595 fix errors detected by Coverity Scan 6 years ago
Glenn Strauss 879a282de7 fix errors detected by Coverity Scan 6 years ago
Glenn Strauss f3e36ccdbb use buffer_string_set_length() to truncate strings 6 years ago
Glenn Strauss df8032a7c8 use buffer_string_set_length() to truncate strings 6 years ago
Glenn Strauss b47494d4cd [config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) 6 years ago
Glenn Strauss 06d3c75440 [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631) 6 years ago
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
Stefan Bühler ad3e93ea96 Use buffer API to read and modify "used" member 8 years ago
Stefan Bühler 6afad87d2e fix buffer, chunk and http_chunk API 8 years ago
Stefan Bühler d1a2356916 fix SQL injection / host name validation (thx Jann Horn) 9 years ago
Stefan Bühler 29a1070299 add comments for switch fall throughs 9 years ago
Stefan Bühler 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS 9 years ago
Stefan Bühler b5da12c008 reject non ASCII characters in HTTP header names 10 years ago
Stefan Bühler 79fed4ec04 remove whitespace at end of header keys 10 years ago
Stefan Bühler 6edfc40f93 fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533) 10 years ago
Cyril Brulebois 9c43331382 Use NULL instead of 0 where pointers are expected. 10 years ago
Stefan Bühler 01f9debec3 Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413) 10 years ago
Stefan Bühler b748fb890d [core] accept dots in ipv6 addresses in host header (fixes #2359) 11 years ago
Stefan Bühler 17d0c36eed Read hostname from absolute uris in the request line (fixes #1937) 13 years ago
Stefan Bühler 22e8b456a9 Fix header inclusion order, always include "config.h" before any system header 13 years ago
Stefan Bühler b87d3e804b Allow digits in hostnames in more places (fixes #1148) 13 years ago
Stefan Bühler 1b2cc3bb66 Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030) 13 years ago
Stefan Bühler 3af67d1392 Ignore multiple "If-None-Match" headers (only use first one, fixes #753) 13 years ago
Stefan Bühler ef59a62724 Strip trailing dot from "Host:" header 14 years ago