changeset 22481:658e239267b2

lib-http: message parser: Reject messages with invalid Date header when HTTP_MESSAGE_PARSE_FLAG_STRICT flag is enabled.
author Stephan Bosch <stephan.bosch@dovecot.fi>
date Thu, 27 Jul 2017 16:34:34 +0200
parents 57b725e7920b
children c5387cdc3964
files src/lib-http/http-message-parser.c src/lib-http/test-http-request-parser.c src/lib-http/test-http-response-parser.c
diffstat 3 files changed, 57 insertions(+), 3 deletions(-) [+]
--- a/src/lib-http/http-message-parser.c	Thu Jul 27 16:30:20 2017 +0200
+++ b/src/lib-http/http-message-parser.c	Thu Jul 27 16:34:34 2017 +0200
@@ -229,7 +229,12 @@
 
 			   Date = HTTP-date
 			 */
-			(void)http_date_parse(data, size, &parser->msg.date);
+			if (!http_date_parse(data, size, &parser->msg.date) &&
+				(parser->flags & HTTP_MESSAGE_PARSE_FLAG_STRICT) != 0) {
+				parser->error = "Invalid Date header";
+				parser->error_code = HTTP_MESSAGE_PARSE_ERROR_BROKEN_MESSAGE;
+				return -1;
+			}
 			return 0;
 		}
 		break;
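Review bot: In lenient mode a failed `http_date_parse()` now falls through to `return 0` with no comment, whereas the old `(void)` cast at least marked the result as deliberately ignored. A short comment above the `if` would keep that intent visible, e.g. `/* lenient mode: an unparsable Date is ignored; only STRICT makes it an error */`. Whether `parser->msg.date` is left untouched on failure depends on `http_date_parse()`, which is not visible here, so in lenient mode consumers presumably cannot tell a missing Date from a malformed one; worth stating in the same comment once confirmed. As a style point, the continuation line `(parser->flags & HTTP_MESSAGE_PARSE_FLAG_STRICT) != 0) {` sits at the same indent as the body, which blurs where the condition ends. The enclosing function starts and ends outside the hunk.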
--- a/src/lib-http/test-http-request-parser.c	Thu Jul 27 16:30:20 2017 +0200
+++ b/src/lib-http/test-http-request-parser.c	Thu Jul 27 16:34:34 2017 +0200
@@ -139,6 +139,18 @@
 		.expect_100_continue = TRUE
 	},{ .request =
 			"GET / HTTP/1.1\r\n"
+			"Date: Mon, 09 Kul 2018 02:24:29 GMT\r\n"
+			"Host: example.com\r\n"
+			"\r\n",
+		.method = "GET",
+		.target_raw = "/",
+		.target = {
+			.format = HTTP_REQUEST_TARGET_FORMAT_ORIGIN,
+			.url = { .host_name = "example.com" }
+		},
+		.version_major = 1, .version_minor = 1,
+	},{ .request =
+			"GET / HTTP/1.1\r\n"
 			"Date: Sun, 07 Oct 2012 19:52:03 GMT\r\n"
 			"Host: example.com\r\n"
 			"Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
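Review bot: The malformed month `Kul` in the added Date line looks like an accidental typo, and nothing in the entry says the fixture is meant to be invalid. A one-line comment above the entry would stop a later cleanup from "fixing" it, e.g. `/* Date has a deliberately invalid month; lenient parsing must still accept the request */`. The same applies to the strict-mode entry in the next hunk of this file and to the `Ocu` fixtures in test-http-response-parser.c. The array these entries belong to starts outside the hunk.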
@@ -370,6 +382,14 @@
 	},{
 		.request =
 			"GET / HTTP/1.1\r\n"
+			"Date: Mon, 09 Kul 2018 02:24:29 GMT\r\n"
+			"Host: example.com\r\n"
+			"\r\n",
+		.flags = HTTP_REQUEST_PARSE_FLAG_STRICT,
+		.error_code = HTTP_REQUEST_PARSE_ERROR_BROKEN_REQUEST
+	},{
+		.request =
+			"GET / HTTP/1.1\r\n"
 			"Date: Sun, 07 Oct 2012 19:52:03 GMT\r\n"
 			"Host: example.com\r\n"
 			"Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
--- a/src/lib-http/test-http-response-parser.c	Thu Jul 27 16:30:20 2017 +0200
+++ b/src/lib-http/test-http-response-parser.c	Thu Jul 27 16:34:34 2017 +0200
@@ -56,6 +56,13 @@
 static const struct valid_parse_test_response valid_responses4[] = {
 	{
 		.status = 200,
+		.payload = "Invalid date header"
+	}
+};
+
+static const struct valid_parse_test_response valid_responses5[] = {
+	{
+		.status = 200,
 		.payload = "Duplicate headers"
 	}
 };
@@ -124,6 +131,18 @@
 	},{
 		.input =
 			"HTTP/1.1 200 OK\r\n"
+			"Date: Sun, 07 Ocu 2012 19:52:03 GMT\r\n"
+			"Content-Length: 19\r\n"
+			"Keep-Alive: timeout=15, max=99\r\n"
+			"Connection: Keep-Alive\r\n"
+			"Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
+			"\r\n"
+			"Invalid date header",
+		.responses = valid_responses4,
+		.responses_count = N_ELEMENTS(valid_responses4)
+	},{
+		.input =
+			"HTTP/1.1 200 OK\r\n"
 			"Date: Sun, 07 Oct 2012 19:52:03 GMT\r\n"
 			"Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14\r\n"
 			"Content-Length: 17\r\n"
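Review bot: This lenient-mode fixture combines the malformed `Ocu` Date with a later well-formed duplicate Date, so a pass shows neither that a response carrying only a malformed Date is accepted nor which value is kept. Dropping the second `Date:` line from this entry (the duplicate case is already covered by the entry that follows), or adding a separate entry without it, would isolate the new behaviour. If the harness can compare the parsed date, asserting it would be stronger still; that part is not visible in this hunk.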
@@ -133,8 +152,8 @@
 			"Date: Sun, 13 Oct 2013 13:13:13 GMT\r\n"
 			"\r\n"
 			"Duplicate headers",
-		.responses = valid_responses4,
-		.responses_count = N_ELEMENTS(valid_responses4)
+		.responses = valid_responses5,
+		.responses_count = N_ELEMENTS(valid_responses5)
 	}
 };
 
@@ -263,6 +282,16 @@
 	},{
 		.input =
 			"HTTP/1.1 200 OK\r\n"
+			"Date: Sun, 07 Ocu 2012 19:52:03 GMT\r\n"
+			"Content-Length: 19\r\n"
+			"Keep-Alive: timeout=15, max=99\r\n"
+			"Connection: Keep-Alive\r\n"
+			"\r\n"
+			"Invalid date header",
+		.flags = HTTP_RESPONSE_PARSE_FLAG_STRICT
+	},{
+		.input =
+			"HTTP/1.1 200 OK\r\n"
 			"Date: Sun, 07 Oct 2012 19:52:03 GMT\r\n"
 			"Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze14\r\n"
 			"Content-Length: 17\r\n"
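Review bot: The strict-mode entry sets only `.flags`, so it appears to pass on any parse failure rather than specifically on the Date check, while the request-parser test pins `.error_code` for the same case. If the invalid-response test structure offers a field for the expected error, setting it here would tie the test to the new check. The structure definition and the start of the array are outside the hunk, so this needs confirming against the full file.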