diff options
author | Leah Neukirchen <leah@vuxu.org> | 2022-01-13 18:42:06 +0100 |
---|---|---|
committer | Leah Neukirchen <leah@vuxu.org> | 2022-01-13 18:42:06 +0100 |
commit | 8bf60bbd1de2a329340e88d3fb31ea30e83eed8f (patch) | |
tree | fbe8224dd989a90aac58e1e76d5efeb6a4b3c55a /FEATURES | |
parent | 39b303bffbcb52ea36b1d5e30d8531e752233505 (diff) | |
download | hittpd-8bf60bbd1de2a329340e88d3fb31ea30e83eed8f.tar.gz hittpd-8bf60bbd1de2a329340e88d3fb31ea30e83eed8f.tar.xz hittpd-8bf60bbd1de2a329340e88d3fb31ea30e83eed8f.zip |
detect and refuse pipelining
Previously, two HTTP requests within the same read() would both be parsed by http_parser_execute (and corrupted state). We don't support this, since we distinguish between reading and writing parts of the server action, and there's no way to let poll perform the writing part in this case. Detect pipelining by pausing the parser in on_message_complete and checking if we parsed fewer bytes than we passed. Then handle the first request and drop the connection; a compliant HTTP client must retry without pipelining. Found by @duncaen. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
Diffstat (limited to 'FEATURES')
-rw-r--r-- | FEATURES | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/FEATURES b/FEATURES index 5524dd8..8afda8a 100644 --- a/FEATURES +++ b/FEATURES @@ -6,7 +6,7 @@ Features of hittpd: - HTTP 1.0 and HTTP 1.1 support - Ranges (basic variants only) - If-Modified-Since -- Keep-Alive +- Keep-Alive (but no pipelining) - IPv6 - sendfile(2) on Linux - Virtual Hosts |