#174 修正HTTP1解析层在解析HTTP头部时，误采用前缀匹配判断头部是否为标准定义的问题。

* 原实现在判断请求/应答头部字段是否为标准头部时，没有判断传入字符串长度是否相等，导致当传入字符串为标准头部的前缀时误将其解析为标准头部； * 现修正，增加判断字符串长度的流程，当字符串长度完全相等时再执行字符串匹配。
2019-09-23 19:07:32 +08:00
parent cd0fd187ad
commit ce8c8cd899
2 changed files with 18 additions and 4 deletions
--- a/plugin/protocol/http/src/http_half.cpp
+++ b/plugin/protocol/http/src/http_half.cpp
@@ -20,12 +20,19 @@ static enum tfe_http_std_field __str_header_field_to_std_field_id(const char * s
 	/* TODO: store the header text in hash table or rbtree, or use AC multistring search algo. */
 	for (unsigned int i = 0; i < __str_std_header_field_map_size; i++)
 	{
-		const char * __std_header_field = __str_std_header_field_map[i];
-		if (__std_header_field == NULL)
+		const char * std_header_field_iter = __str_std_header_field_map[i];
+		if (std_header_field_iter == NULL)
 			continue;

-		size_t __compare_length = MIN(strlen(__std_header_field), len);
-		if (evutil_ascii_strncasecmp(__std_header_field, str_field, __compare_length) != 0)
+		/* std_header_field_iter must contains '\0' */
+		size_t std_field_length = strlen(std_header_field_iter);
+		/* but the str_field may don't contains '\0', so must use strnlen */
+		size_t field_length = strnlen(str_field, len);
+
+		if (std_field_length != field_length)
+			continue;
+
+		if (strncasecmp(std_header_field_iter, str_field, std_field_length) != 0)
 			continue;

 		return (enum tfe_http_std_field) i;
--- a/plugin/protocol/http/test/test_http_half.cpp
+++ b/plugin/protocol/http/test/test_http_half.cpp
@@ -46,6 +46,7 @@ static const char * __get_http_request_no_body =
 	"GET /gfwlist/gfwlist/master/gfwlist.txt HTTP/1.1\r\n"
 	"Host: raw.githubusercontent.com\r\n"
 	"Connection: close\r\n"
+ 	"User: User-Test\r\n"
 	"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36\r\n"
 	"Accept: */*\r\n"
 	"Accept-Encoding: gzip, deflate\r\n"
@@ -82,6 +83,12 @@ void __get_http_request_header_verify_helper(struct http_half_private * hf_priva
 	EXPECT_EQ(field_name.field_id, TFE_HTTP_CONNECTION);
 	EXPECT_STREQ(hdr_value, "close");

+	/* User */
+	hdr_value = tfe_http_field_iterate(hf_public, &__iterator, &field_name);
+	EXPECT_EQ(field_name.field_id, TFE_HTTP_UNKNOWN_FIELD);
+	EXPECT_STREQ(field_name.field_name, "User");
+	EXPECT_STREQ(hdr_value, "User-Test");
+
 	/* User-Agent */
 	hdr_value = tfe_http_field_iterate(hf_public, &__iterator, &field_name);
 	EXPECT_EQ(field_name.field_id, TFE_HTTP_USER_AGENT);