From ce5d4774804592335765e9a42c13ef0a11d2bd2f Mon Sep 17 00:00:00 2001 From: Leah Neukirchen Date: Fri, 8 May 2020 00:59:29 +0200 Subject: reject HTTP/0.9 requests --- hittpd.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'hittpd.c') diff --git a/hittpd.c b/hittpd.c index 5ac3a8d..2885c21 100644 --- a/hittpd.c +++ b/hittpd.c @@ -285,10 +285,11 @@ send_error(http_parser *p, int status, const char *msg) httpdate(time(0), now); int len = snprintf(buf, sizeof buf, - "HTTP/1.%d %d %s\r\n" + "HTTP/%d.%d %d %s\r\n" "Content-Length: %ld\r\n" "Date: %s\r\n" "\r\n", + p->http_major, p->http_minor, status, msg, (data->last = 4 + strlen(msg) + 2), @@ -446,6 +447,11 @@ on_message_complete(http_parser *p) { data->state = SENDING; + if (p->http_major == 0 && p->http_minor == 9) { + send_error(p, 400, "Bad Request"); + return 0; + } + char path[PATH_MAX]; char name[PATH_MAX + 128]; char *s = data->path, *t = path; @@ -730,7 +736,8 @@ finish_response(int i) close_connection(i); else if (parsers[i].flags & F_CONNECTION_KEEP_ALIVE) ; - else if (parsers[i].http_major == 1 && parsers[i].http_minor == 0) + else if ((parsers[i].http_major == 1 && parsers[i].http_minor == 0) || + parsers[i].http_major == 0) close_connection(i); // HTTP 1.0 default } -- cgit 1.4.1