diff options
author | erdgeist <> | 2008-12-05 20:34:24 +0000 |
---|---|---|
committer | erdgeist <> | 2008-12-05 20:34:24 +0000 |
commit | 23be5c4d55d0bf028619064e8d5700dd1af6e1a3 (patch) | |
tree | 394a06ffe6b84afcce6da06d1673257c4605d502 | |
parent | 71207993795429e6cef5731c0111e21da7534926 (diff) |
Let's give a damn about syntactical correctness of peer's http strings. It's too expensive on both sides to check and to reject.
-rw-r--r-- | ot_http.c | 4 |
1 files changed, 0 insertions, 4 deletions
@@ -504,10 +504,6 @@ ssize_t http_handle_request( const int64 client_socket, char *data, size_t recv_ | |||
504 | /* This one implicitely tests strlen < 5, too -- remember, it is \n terminated */ | 504 | /* This one implicitely tests strlen < 5, too -- remember, it is \n terminated */ |
505 | if( byte_diff( data, 5, "GET /") ) HTTPERROR_400; | 505 | if( byte_diff( data, 5, "GET /") ) HTTPERROR_400; |
506 | 506 | ||
507 | /* Query string MUST terminate with SP -- we know that theres at least a '\n' where this search terminates */ | ||
508 | for( c = data + 5; *c!=' ' && *c != '\t' && *c != '\n' && *c != '\r'; ++c ) ; | ||
509 | if( *c != ' ' ) HTTPERROR_400; | ||
510 | |||
511 | /* Skip leading '/' */ | 507 | /* Skip leading '/' */ |
512 | for( c = data+4; *c == '/'; ++c); | 508 | for( c = data+4; *c == '/'; ++c); |
513 | 509 | ||