diff options
author | Leah Neukirchen <leah@vuxu.org> | 2022-01-13 18:42:06 +0100 |
---|---|---|
committer | Leah Neukirchen <leah@vuxu.org> | 2022-01-13 18:42:06 +0100 |
commit | 8bf60bbd1de2a329340e88d3fb31ea30e83eed8f (patch) | |
tree | fbe8224dd989a90aac58e1e76d5efeb6a4b3c55a /LICENSE | |
parent | 39b303bffbcb52ea36b1d5e30d8531e752233505 (diff) | |
download | hittpd-8bf60bbd1de2a329340e88d3fb31ea30e83eed8f.tar.gz hittpd-8bf60bbd1de2a329340e88d3fb31ea30e83eed8f.tar.xz hittpd-8bf60bbd1de2a329340e88d3fb31ea30e83eed8f.zip |
detect and refuse pipelining
Previously, two HTTP requests within the same read() would both be parsed by http_parser_execute (and corrupted state). We don't support this, since we distinguish between reading and writing parts of the server action, and there's no way to let poll perform the writing part in this case. Detect pipelining by pausing the parser in on_message_complete and checking if we parsed fewer bytes than we passed. Then handle the first request and drop the connection; a compliant HTTP client must retry without pipelining. Found by @duncaen. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
Diffstat (limited to 'LICENSE')
-rw-r--r-- | LICENSE | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/LICENSE b/LICENSE index 5d980d9..cb12f14 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright 2020, 2021 Leah Neukirchen <leah@vuxu.org> +Copyright 2020, 2021, 2022 Leah Neukirchen <leah@vuxu.org> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to |