From 01bffcdd9318d0b01deeabafd471ff351008bfca Mon Sep 17 00:00:00 2001 From: Paolo Insogna Date: Mon, 19 Sep 2022 14:37:21 +0200 Subject: [PATCH] http: disable chunked encoding when OBS fold is used Reviewed-By: Matteo Collina Reviewed-By: Rafael Gonzaga Reviewed-By: Vladimir de Turckheim PR-URL: #341 CVE-ID: CVE-2022-32213, CVE-2022-32215, CVE-2022-35256 --- deps/llhttp/CMakeLists.txt | 2 +- deps/llhttp/include/llhttp.h | 2 +- deps/llhttp/src/llhttp.c | 456 +++++++++--------- test/parallel/test-http-header-overflow.js | 9 +- .../test-http-missing-header-separator-cr.js | 72 ++- .../test-http-transfer-encoding-smuggling.js | 119 +++-- 6 files changed, 376 insertions(+), 284 deletions(-) diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt index da0ce17b0cb3c9..6474e110a1f432 100644 --- a/deps/llhttp/CMakeLists.txt +++ b/deps/llhttp/CMakeLists.txt @@ -1,7 +1,7 @@ cmake_minimum_required(VERSION 3.5.1) cmake_policy(SET CMP0069 NEW) -project(llhttp VERSION ) +project(llhttp VERSION 6.0.10) include(GNUInstallDirs) set(CMAKE_C_STANDARD 99) diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h index 4d5312e7aafb42..6e1e71ecbce0c2 100644 --- a/deps/llhttp/include/llhttp.h +++ b/deps/llhttp/include/llhttp.h @@ -3,7 +3,7 @@ #define LLHTTP_VERSION_MAJOR 6 #define LLHTTP_VERSION_MINOR 0 -#define LLHTTP_VERSION_PATCH 9 +#define LLHTTP_VERSION_PATCH 10 #ifndef LLHTTP_STRICT_MODE # define LLHTTP_STRICT_MODE 0 diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c index 9a0a35bd33dad0..8e63e79cff33e1 100644 --- a/deps/llhttp/src/llhttp.c +++ b/deps/llhttp/src/llhttp.c @@ -359,8 +359,7 @@ enum llparse_state_e { s_n_llhttp__internal__n_header_value_lws, s_n_llhttp__internal__n_header_value_almost_done, s_n_llhttp__internal__n_header_value_lenient, - s_n_llhttp__internal__n_error_23, - s_n_llhttp__internal__n_header_value_lenient_failed, + s_n_llhttp__internal__n_error_24, s_n_llhttp__internal__n_header_value_otherwise, s_n_llhttp__internal__n_header_value_connection_token, s_n_llhttp__internal__n_header_value_connection_ws, @@ -814,7 +813,7 @@ int llhttp__internal__c_or_flags_6( return 0; } -int llhttp__internal__c_update_header_state_2( +int llhttp__internal__c_update_header_state_3( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -822,7 +821,7 @@ int llhttp__internal__c_update_header_state_2( return 0; } -int llhttp__internal__c_update_header_state_4( +int llhttp__internal__c_update_header_state_1( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -830,7 +829,7 @@ int llhttp__internal__c_update_header_state_4( return 0; } -int llhttp__internal__c_update_header_state_5( +int llhttp__internal__c_update_header_state_6( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -838,7 +837,7 @@ int llhttp__internal__c_update_header_state_5( return 0; } -int llhttp__internal__c_update_header_state_6( +int llhttp__internal__c_update_header_state_7( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -894,7 +893,7 @@ int llhttp__internal__c_test_flags_3( return (state->flags & 8) == 8; } -int llhttp__internal__c_test_lenient_flags_4( +int llhttp__internal__c_test_lenient_flags_5( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -917,7 +916,7 @@ int llhttp__internal__c_and_flags( return 0; } -int llhttp__internal__c_update_header_state_7( +int llhttp__internal__c_update_header_state_8( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -958,7 +957,7 @@ int llhttp__internal__c_store_http_minor( return 0; } -int llhttp__internal__c_test_lenient_flags_6( +int llhttp__internal__c_test_lenient_flags_7( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -1682,7 +1681,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_value_discard_lws; } default: { - goto s_n_llhttp__internal__n_error_21; + goto s_n_llhttp__internal__n_error_22; } } /* UNREACHABLE */; @@ -1695,13 +1694,13 @@ static llparse_state_t llhttp__internal__run( } switch (*p) { case 9: { - goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + goto s_n_llhttp__internal__n_invoke_load_header_state_3; } case ' ': { - goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + goto s_n_llhttp__internal__n_invoke_load_header_state_3; } default: { - goto s_n_llhttp__internal__n_invoke_load_header_state_3; + goto s_n_llhttp__internal__n_invoke_load_header_state_4; } } /* UNREACHABLE */; @@ -1718,7 +1717,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_value_lws; } default: { - goto s_n_llhttp__internal__n_error_22; + goto s_n_llhttp__internal__n_error_23; } } /* UNREACHABLE */; @@ -1744,32 +1743,16 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - case s_n_llhttp__internal__n_error_23: - s_n_llhttp__internal__n_error_23: { - state->error = 0x19; - state->reason = "Missing expected CR after header value"; + case s_n_llhttp__internal__n_error_24: + s_n_llhttp__internal__n_error_24: { + state->error = 0xa; + state->reason = "Invalid header value char"; state->error_pos = (const char*) p; state->_current = (void*) (intptr_t) s_error; return s_error; /* UNREACHABLE */; abort(); } - case s_n_llhttp__internal__n_header_value_lenient_failed: - s_n_llhttp__internal__n_header_value_lenient_failed: { - if (p == endp) { - return s_n_llhttp__internal__n_header_value_lenient_failed; - } - switch (*p) { - case 10: { - goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; - } - default: { - goto s_n_llhttp__internal__n_error_24; - } - } - /* UNREACHABLE */; - abort(); - } case s_n_llhttp__internal__n_header_value_otherwise: s_n_llhttp__internal__n_header_value_otherwise: { if (p == endp) { @@ -1780,7 +1763,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; } default: { - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_3; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_4; } } /* UNREACHABLE */; @@ -1843,10 +1826,10 @@ static llparse_state_t llhttp__internal__run( } case ',': { p++; - goto s_n_llhttp__internal__n_invoke_load_header_state_4; + goto s_n_llhttp__internal__n_invoke_load_header_state_5; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_4; + goto s_n_llhttp__internal__n_invoke_update_header_state_5; } } /* UNREACHABLE */; @@ -1864,7 +1847,7 @@ static llparse_state_t llhttp__internal__run( switch (match_seq.status) { case kMatchComplete: { p++; - goto s_n_llhttp__internal__n_invoke_update_header_state_2; + goto s_n_llhttp__internal__n_invoke_update_header_state_3; } case kMatchPause: { return s_n_llhttp__internal__n_header_value_connection_1; @@ -1888,7 +1871,7 @@ static llparse_state_t llhttp__internal__run( switch (match_seq.status) { case kMatchComplete: { p++; - goto s_n_llhttp__internal__n_invoke_update_header_state_5; + goto s_n_llhttp__internal__n_invoke_update_header_state_6; } case kMatchPause: { return s_n_llhttp__internal__n_header_value_connection_2; @@ -1912,7 +1895,7 @@ static llparse_state_t llhttp__internal__run( switch (match_seq.status) { case kMatchComplete: { p++; - goto s_n_llhttp__internal__n_invoke_update_header_state_6; + goto s_n_llhttp__internal__n_invoke_update_header_state_7; } case kMatchPause: { return s_n_llhttp__internal__n_header_value_connection_3; @@ -2196,7 +2179,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_value_te_token_ows; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_8; + goto s_n_llhttp__internal__n_invoke_update_header_state_9; } } /* UNREACHABLE */; @@ -2209,10 +2192,10 @@ static llparse_state_t llhttp__internal__run( } switch (*p) { case 10: { - goto s_n_llhttp__internal__n_invoke_update_header_state_7; + goto s_n_llhttp__internal__n_invoke_update_header_state_8; } case 13: { - goto s_n_llhttp__internal__n_invoke_update_header_state_7; + goto s_n_llhttp__internal__n_invoke_update_header_state_8; } case ' ': { p++; @@ -2275,7 +2258,7 @@ static llparse_state_t llhttp__internal__run( } case 10: { p++; - goto s_n_llhttp__internal__n_header_value_discard_lws; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_3; } case 13: { p++; @@ -2401,7 +2384,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_span_end_llhttp__on_header_field_1; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_9; + goto s_n_llhttp__internal__n_invoke_update_header_state_10; } } /* UNREACHABLE */; @@ -2426,7 +2409,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_3; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2451,7 +2434,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_4; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2472,7 +2455,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_field_4; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2496,7 +2479,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_1; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2521,7 +2504,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_5; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2546,7 +2529,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_6; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2571,7 +2554,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_7; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -2600,7 +2583,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_field_7; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -6325,7 +6308,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_error_20: { + s_n_llhttp__internal__n_error_21: { state->error = 0xb; state->reason = "Empty Content-Length"; state->error_pos = (const char*) p; @@ -6410,14 +6393,33 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_load_header_state: { switch (llhttp__internal__c_load_header_state(state, p, endp)) { case 2: - goto s_n_llhttp__internal__n_error_20; + goto s_n_llhttp__internal__n_error_21; default: goto s_n_llhttp__internal__n_invoke_load_header_state_1; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_error_21: { + s_n_llhttp__internal__n_error_20: { + state->error = 0xa; + state->reason = "Invalid header value char"; + state->error_pos = (const char*) p; + state->_current = (void*) (intptr_t) s_error; + return s_error; + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_test_lenient_flags_3: { + switch (llhttp__internal__c_test_lenient_flags_2(state, p, endp)) { + case 1: + goto s_n_llhttp__internal__n_header_value_discard_lws; + default: + goto s_n_llhttp__internal__n_error_20; + } + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_error_22: { state->error = 0x2; state->reason = "Expected LF after CR"; state->error_pos = (const char*) p; @@ -6427,6 +6429,24 @@ static llparse_state_t llhttp__internal__run( abort(); } s_n_llhttp__internal__n_invoke_update_header_state_1: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + } + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_load_header_state_3: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 8: + goto s_n_llhttp__internal__n_invoke_update_header_state_1; + default: + goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + } + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_update_header_state_2: { switch (llhttp__internal__c_update_header_state(state, p, endp)) { default: goto s_n_llhttp__internal__n_invoke_llhttp__on_header_value_complete; @@ -6437,7 +6457,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_7: { switch (llhttp__internal__c_or_flags_3(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_1; + goto s_n_llhttp__internal__n_invoke_update_header_state_2; } /* UNREACHABLE */; abort(); @@ -6445,7 +6465,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_8: { switch (llhttp__internal__c_or_flags_4(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_1; + goto s_n_llhttp__internal__n_invoke_update_header_state_2; } /* UNREACHABLE */; abort(); @@ -6453,7 +6473,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_9: { switch (llhttp__internal__c_or_flags_5(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_1; + goto s_n_llhttp__internal__n_invoke_update_header_state_2; } /* UNREACHABLE */; abort(); @@ -6466,7 +6486,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_load_header_state_3: { + s_n_llhttp__internal__n_invoke_load_header_state_4: { switch (llhttp__internal__c_load_header_state(state, p, endp)) { case 5: goto s_n_llhttp__internal__n_invoke_or_flags_7; @@ -6482,7 +6502,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_error_22: { + s_n_llhttp__internal__n_error_23: { state->error = 0x3; state->reason = "Missing expected LF after header value"; state->error_pos = (const char*) p; @@ -6553,35 +6573,25 @@ static llparse_state_t llhttp__internal__run( err = llhttp__on_header_value(state, start, p); if (err != 0) { state->error = err; - state->error_pos = (const char*) (p + 1); - state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_23; + state->error_pos = (const char*) p; + state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_24; return s_error; } - p++; - goto s_n_llhttp__internal__n_error_23; - /* UNREACHABLE */; - abort(); - } - s_n_llhttp__internal__n_error_24: { - state->error = 0xa; - state->reason = "Invalid header value char"; - state->error_pos = (const char*) p; - state->_current = (void*) (intptr_t) s_error; - return s_error; + goto s_n_llhttp__internal__n_error_24; /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_3: { + s_n_llhttp__internal__n_invoke_test_lenient_flags_4: { switch (llhttp__internal__c_test_lenient_flags_2(state, p, endp)) { case 1: goto s_n_llhttp__internal__n_header_value_lenient; default: - goto s_n_llhttp__internal__n_header_value_lenient_failed; + goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_3: { + s_n_llhttp__internal__n_invoke_update_header_state_4: { switch (llhttp__internal__c_update_header_state(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection; @@ -6592,7 +6602,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_11: { switch (llhttp__internal__c_or_flags_3(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_3; + goto s_n_llhttp__internal__n_invoke_update_header_state_4; } /* UNREACHABLE */; abort(); @@ -6600,7 +6610,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_12: { switch (llhttp__internal__c_or_flags_4(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_3; + goto s_n_llhttp__internal__n_invoke_update_header_state_4; } /* UNREACHABLE */; abort(); @@ -6608,7 +6618,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_13: { switch (llhttp__internal__c_or_flags_5(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_3; + goto s_n_llhttp__internal__n_invoke_update_header_state_4; } /* UNREACHABLE */; abort(); @@ -6621,7 +6631,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_load_header_state_4: { + s_n_llhttp__internal__n_invoke_load_header_state_5: { switch (llhttp__internal__c_load_header_state(state, p, endp)) { case 5: goto s_n_llhttp__internal__n_invoke_or_flags_11; @@ -6637,32 +6647,32 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_4: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_5: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_token; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_2: { - switch (llhttp__internal__c_update_header_state_2(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_3: { + switch (llhttp__internal__c_update_header_state_3(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_ws; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_5: { - switch (llhttp__internal__c_update_header_state_5(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_6: { + switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_ws; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_6: { - switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_7: { + switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_ws; } @@ -6758,8 +6768,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_7: { - switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_8: { + switch (llhttp__internal__c_update_header_state_8(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_otherwise; } @@ -6784,8 +6794,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_4: { - switch (llhttp__internal__c_test_lenient_flags_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_5: { + switch (llhttp__internal__c_test_lenient_flags_5(state, p, endp)) { case 0: goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_7; default: @@ -6797,15 +6807,15 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_load_type_1: { switch (llhttp__internal__c_load_type(state, p, endp)) { case 1: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_4; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_5; default: goto s_n_llhttp__internal__n_header_value_te_chunked; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_8: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_9: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value; } @@ -6828,8 +6838,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_5: { - switch (llhttp__internal__c_test_lenient_flags_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_6: { + switch (llhttp__internal__c_test_lenient_flags_5(state, p, endp)) { case 0: goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_8; default: @@ -6841,7 +6851,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_load_type_2: { switch (llhttp__internal__c_load_type(state, p, endp)) { case 1: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_5; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_6; default: goto s_n_llhttp__internal__n_invoke_or_flags_17; } @@ -6869,7 +6879,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_18: { switch (llhttp__internal__c_or_flags_18(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_8; + goto s_n_llhttp__internal__n_invoke_update_header_state_9; } /* UNREACHABLE */; abort(); @@ -6935,8 +6945,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_9: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_10: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_field_general; } @@ -6951,8 +6961,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_10: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_11: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_field_general; } @@ -7145,8 +7155,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_6: { - switch (llhttp__internal__c_test_lenient_flags_6(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_7: { + switch (llhttp__internal__c_test_lenient_flags_7(state, p, endp)) { case 1: goto s_n_llhttp__internal__n_invoke_load_method_1; default: @@ -7158,7 +7168,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_store_http_minor: { switch (llhttp__internal__c_store_http_minor(state, p, endp, match)) { default: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_6; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_7; } /* UNREACHABLE */; abort(); @@ -7876,8 +7886,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_7: { - switch (llhttp__internal__c_test_lenient_flags_6(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_8: { + switch (llhttp__internal__c_test_lenient_flags_7(state, p, endp)) { case 1: goto s_n_llhttp__internal__n_res_http_end; default: @@ -7889,7 +7899,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_store_http_minor_1: { switch (llhttp__internal__c_store_http_minor(state, p, endp, match)) { default: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_7; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_8; } /* UNREACHABLE */; abort(); @@ -8421,8 +8431,7 @@ enum llparse_state_e { s_n_llhttp__internal__n_header_value_lws, s_n_llhttp__internal__n_header_value_almost_done, s_n_llhttp__internal__n_header_value_lenient, - s_n_llhttp__internal__n_error_17, - s_n_llhttp__internal__n_header_value_lenient_failed, + s_n_llhttp__internal__n_error_18, s_n_llhttp__internal__n_header_value_otherwise, s_n_llhttp__internal__n_header_value_connection_token, s_n_llhttp__internal__n_header_value_connection_ws, @@ -8871,7 +8880,7 @@ int llhttp__internal__c_or_flags_6( return 0; } -int llhttp__internal__c_update_header_state_2( +int llhttp__internal__c_update_header_state_3( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -8879,7 +8888,7 @@ int llhttp__internal__c_update_header_state_2( return 0; } -int llhttp__internal__c_update_header_state_4( +int llhttp__internal__c_update_header_state_1( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -8887,7 +8896,7 @@ int llhttp__internal__c_update_header_state_4( return 0; } -int llhttp__internal__c_update_header_state_5( +int llhttp__internal__c_update_header_state_6( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -8895,7 +8904,7 @@ int llhttp__internal__c_update_header_state_5( return 0; } -int llhttp__internal__c_update_header_state_6( +int llhttp__internal__c_update_header_state_7( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -8951,7 +8960,7 @@ int llhttp__internal__c_test_flags_3( return (state->flags & 8) == 8; } -int llhttp__internal__c_test_lenient_flags_4( +int llhttp__internal__c_test_lenient_flags_5( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -8974,7 +8983,7 @@ int llhttp__internal__c_and_flags( return 0; } -int llhttp__internal__c_update_header_state_7( +int llhttp__internal__c_update_header_state_8( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -9015,7 +9024,7 @@ int llhttp__internal__c_store_http_minor( return 0; } -int llhttp__internal__c_test_lenient_flags_6( +int llhttp__internal__c_test_lenient_flags_7( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { @@ -9715,13 +9724,13 @@ static llparse_state_t llhttp__internal__run( } switch (*p) { case 9: { - goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + goto s_n_llhttp__internal__n_invoke_load_header_state_3; } case ' ': { - goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + goto s_n_llhttp__internal__n_invoke_load_header_state_3; } default: { - goto s_n_llhttp__internal__n_invoke_load_header_state_3; + goto s_n_llhttp__internal__n_invoke_load_header_state_4; } } /* UNREACHABLE */; @@ -9738,7 +9747,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_value_lws; } default: { - goto s_n_llhttp__internal__n_error_16; + goto s_n_llhttp__internal__n_error_17; } } /* UNREACHABLE */; @@ -9764,32 +9773,16 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - case s_n_llhttp__internal__n_error_17: - s_n_llhttp__internal__n_error_17: { - state->error = 0x19; - state->reason = "Missing expected CR after header value"; + case s_n_llhttp__internal__n_error_18: + s_n_llhttp__internal__n_error_18: { + state->error = 0xa; + state->reason = "Invalid header value char"; state->error_pos = (const char*) p; state->_current = (void*) (intptr_t) s_error; return s_error; /* UNREACHABLE */; abort(); } - case s_n_llhttp__internal__n_header_value_lenient_failed: - s_n_llhttp__internal__n_header_value_lenient_failed: { - if (p == endp) { - return s_n_llhttp__internal__n_header_value_lenient_failed; - } - switch (*p) { - case 10: { - goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; - } - default: { - goto s_n_llhttp__internal__n_error_18; - } - } - /* UNREACHABLE */; - abort(); - } case s_n_llhttp__internal__n_header_value_otherwise: s_n_llhttp__internal__n_header_value_otherwise: { if (p == endp) { @@ -9800,7 +9793,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_1; } default: { - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_3; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_4; } } /* UNREACHABLE */; @@ -9863,10 +9856,10 @@ static llparse_state_t llhttp__internal__run( } case ',': { p++; - goto s_n_llhttp__internal__n_invoke_load_header_state_4; + goto s_n_llhttp__internal__n_invoke_load_header_state_5; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_4; + goto s_n_llhttp__internal__n_invoke_update_header_state_5; } } /* UNREACHABLE */; @@ -9884,7 +9877,7 @@ static llparse_state_t llhttp__internal__run( switch (match_seq.status) { case kMatchComplete: { p++; - goto s_n_llhttp__internal__n_invoke_update_header_state_2; + goto s_n_llhttp__internal__n_invoke_update_header_state_3; } case kMatchPause: { return s_n_llhttp__internal__n_header_value_connection_1; @@ -9908,7 +9901,7 @@ static llparse_state_t llhttp__internal__run( switch (match_seq.status) { case kMatchComplete: { p++; - goto s_n_llhttp__internal__n_invoke_update_header_state_5; + goto s_n_llhttp__internal__n_invoke_update_header_state_6; } case kMatchPause: { return s_n_llhttp__internal__n_header_value_connection_2; @@ -9932,7 +9925,7 @@ static llparse_state_t llhttp__internal__run( switch (match_seq.status) { case kMatchComplete: { p++; - goto s_n_llhttp__internal__n_invoke_update_header_state_6; + goto s_n_llhttp__internal__n_invoke_update_header_state_7; } case kMatchPause: { return s_n_llhttp__internal__n_header_value_connection_3; @@ -10216,7 +10209,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_value_te_token_ows; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_8; + goto s_n_llhttp__internal__n_invoke_update_header_state_9; } } /* UNREACHABLE */; @@ -10229,10 +10222,10 @@ static llparse_state_t llhttp__internal__run( } switch (*p) { case 10: { - goto s_n_llhttp__internal__n_invoke_update_header_state_7; + goto s_n_llhttp__internal__n_invoke_update_header_state_8; } case 13: { - goto s_n_llhttp__internal__n_invoke_update_header_state_7; + goto s_n_llhttp__internal__n_invoke_update_header_state_8; } case ' ': { p++; @@ -10295,7 +10288,7 @@ static llparse_state_t llhttp__internal__run( } case 10: { p++; - goto s_n_llhttp__internal__n_header_value_discard_lws; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_3; } case 13: { p++; @@ -10421,7 +10414,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_span_end_llhttp__on_header_field_1; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_9; + goto s_n_llhttp__internal__n_invoke_update_header_state_10; } } /* UNREACHABLE */; @@ -10446,7 +10439,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_3; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10471,7 +10464,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_4; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10492,7 +10485,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_field_4; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10516,7 +10509,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_1; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10541,7 +10534,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_5; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10566,7 +10559,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_6; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10591,7 +10584,7 @@ static llparse_state_t llhttp__internal__run( return s_n_llhttp__internal__n_header_field_7; } case kMatchMismatch: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -10620,7 +10613,7 @@ static llparse_state_t llhttp__internal__run( goto s_n_llhttp__internal__n_header_field_7; } default: { - goto s_n_llhttp__internal__n_invoke_update_header_state_10; + goto s_n_llhttp__internal__n_invoke_update_header_state_11; } } /* UNREACHABLE */; @@ -14147,7 +14140,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_error_15: { + s_n_llhttp__internal__n_error_16: { state->error = 0xb; state->reason = "Empty Content-Length"; state->error_pos = (const char*) p; @@ -14232,14 +14225,51 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_load_header_state: { switch (llhttp__internal__c_load_header_state(state, p, endp)) { case 2: - goto s_n_llhttp__internal__n_error_15; + goto s_n_llhttp__internal__n_error_16; default: goto s_n_llhttp__internal__n_invoke_load_header_state_1; } /* UNREACHABLE */; abort(); } + s_n_llhttp__internal__n_error_15: { + state->error = 0xa; + state->reason = "Invalid header value char"; + state->error_pos = (const char*) p; + state->_current = (void*) (intptr_t) s_error; + return s_error; + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_test_lenient_flags_3: { + switch (llhttp__internal__c_test_lenient_flags_2(state, p, endp)) { + case 1: + goto s_n_llhttp__internal__n_header_value_discard_lws; + default: + goto s_n_llhttp__internal__n_error_15; + } + /* UNREACHABLE */; + abort(); + } s_n_llhttp__internal__n_invoke_update_header_state_1: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { + default: + goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + } + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_load_header_state_3: { + switch (llhttp__internal__c_load_header_state(state, p, endp)) { + case 8: + goto s_n_llhttp__internal__n_invoke_update_header_state_1; + default: + goto s_n_llhttp__internal__n_span_start_llhttp__on_header_value_1; + } + /* UNREACHABLE */; + abort(); + } + s_n_llhttp__internal__n_invoke_update_header_state_2: { switch (llhttp__internal__c_update_header_state(state, p, endp)) { default: goto s_n_llhttp__internal__n_invoke_llhttp__on_header_value_complete; @@ -14250,7 +14280,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_7: { switch (llhttp__internal__c_or_flags_3(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_1; + goto s_n_llhttp__internal__n_invoke_update_header_state_2; } /* UNREACHABLE */; abort(); @@ -14258,7 +14288,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_8: { switch (llhttp__internal__c_or_flags_4(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_1; + goto s_n_llhttp__internal__n_invoke_update_header_state_2; } /* UNREACHABLE */; abort(); @@ -14266,7 +14296,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_9: { switch (llhttp__internal__c_or_flags_5(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_1; + goto s_n_llhttp__internal__n_invoke_update_header_state_2; } /* UNREACHABLE */; abort(); @@ -14279,7 +14309,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_load_header_state_3: { + s_n_llhttp__internal__n_invoke_load_header_state_4: { switch (llhttp__internal__c_load_header_state(state, p, endp)) { case 5: goto s_n_llhttp__internal__n_invoke_or_flags_7; @@ -14295,7 +14325,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_error_16: { + s_n_llhttp__internal__n_error_17: { state->error = 0x3; state->reason = "Missing expected LF after header value"; state->error_pos = (const char*) p; @@ -14366,35 +14396,25 @@ static llparse_state_t llhttp__internal__run( err = llhttp__on_header_value(state, start, p); if (err != 0) { state->error = err; - state->error_pos = (const char*) (p + 1); - state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_17; + state->error_pos = (const char*) p; + state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_error_18; return s_error; } - p++; - goto s_n_llhttp__internal__n_error_17; - /* UNREACHABLE */; - abort(); - } - s_n_llhttp__internal__n_error_18: { - state->error = 0xa; - state->reason = "Invalid header value char"; - state->error_pos = (const char*) p; - state->_current = (void*) (intptr_t) s_error; - return s_error; + goto s_n_llhttp__internal__n_error_18; /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_3: { + s_n_llhttp__internal__n_invoke_test_lenient_flags_4: { switch (llhttp__internal__c_test_lenient_flags_2(state, p, endp)) { case 1: goto s_n_llhttp__internal__n_header_value_lenient; default: - goto s_n_llhttp__internal__n_header_value_lenient_failed; + goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_2; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_3: { + s_n_llhttp__internal__n_invoke_update_header_state_4: { switch (llhttp__internal__c_update_header_state(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection; @@ -14405,7 +14425,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_11: { switch (llhttp__internal__c_or_flags_3(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_3; + goto s_n_llhttp__internal__n_invoke_update_header_state_4; } /* UNREACHABLE */; abort(); @@ -14413,7 +14433,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_12: { switch (llhttp__internal__c_or_flags_4(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_3; + goto s_n_llhttp__internal__n_invoke_update_header_state_4; } /* UNREACHABLE */; abort(); @@ -14421,7 +14441,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_13: { switch (llhttp__internal__c_or_flags_5(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_3; + goto s_n_llhttp__internal__n_invoke_update_header_state_4; } /* UNREACHABLE */; abort(); @@ -14434,7 +14454,7 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_load_header_state_4: { + s_n_llhttp__internal__n_invoke_load_header_state_5: { switch (llhttp__internal__c_load_header_state(state, p, endp)) { case 5: goto s_n_llhttp__internal__n_invoke_or_flags_11; @@ -14450,32 +14470,32 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_4: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_5: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_token; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_2: { - switch (llhttp__internal__c_update_header_state_2(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_3: { + switch (llhttp__internal__c_update_header_state_3(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_ws; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_5: { - switch (llhttp__internal__c_update_header_state_5(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_6: { + switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_ws; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_6: { - switch (llhttp__internal__c_update_header_state_6(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_7: { + switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_connection_ws; } @@ -14571,8 +14591,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_7: { - switch (llhttp__internal__c_update_header_state_7(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_8: { + switch (llhttp__internal__c_update_header_state_8(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value_otherwise; } @@ -14597,8 +14617,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_4: { - switch (llhttp__internal__c_test_lenient_flags_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_5: { + switch (llhttp__internal__c_test_lenient_flags_5(state, p, endp)) { case 0: goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_7; default: @@ -14610,15 +14630,15 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_load_type_1: { switch (llhttp__internal__c_load_type(state, p, endp)) { case 1: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_4; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_5; default: goto s_n_llhttp__internal__n_header_value_te_chunked; } /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_8: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_9: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_value; } @@ -14641,8 +14661,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_5: { - switch (llhttp__internal__c_test_lenient_flags_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_6: { + switch (llhttp__internal__c_test_lenient_flags_5(state, p, endp)) { case 0: goto s_n_llhttp__internal__n_span_end_llhttp__on_header_value_8; default: @@ -14654,7 +14674,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_load_type_2: { switch (llhttp__internal__c_load_type(state, p, endp)) { case 1: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_5; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_6; default: goto s_n_llhttp__internal__n_invoke_or_flags_17; } @@ -14682,7 +14702,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_or_flags_18: { switch (llhttp__internal__c_or_flags_18(state, p, endp)) { default: - goto s_n_llhttp__internal__n_invoke_update_header_state_8; + goto s_n_llhttp__internal__n_invoke_update_header_state_9; } /* UNREACHABLE */; abort(); @@ -14748,8 +14768,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_9: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_10: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_field_general; } @@ -14764,8 +14784,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_update_header_state_10: { - switch (llhttp__internal__c_update_header_state_4(state, p, endp)) { + s_n_llhttp__internal__n_invoke_update_header_state_11: { + switch (llhttp__internal__c_update_header_state_1(state, p, endp)) { default: goto s_n_llhttp__internal__n_header_field_general; } @@ -14958,8 +14978,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_6: { - switch (llhttp__internal__c_test_lenient_flags_6(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_7: { + switch (llhttp__internal__c_test_lenient_flags_7(state, p, endp)) { case 1: goto s_n_llhttp__internal__n_invoke_load_method_1; default: @@ -14971,7 +14991,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_store_http_minor: { switch (llhttp__internal__c_store_http_minor(state, p, endp, match)) { default: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_6; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_7; } /* UNREACHABLE */; abort(); @@ -15680,8 +15700,8 @@ static llparse_state_t llhttp__internal__run( /* UNREACHABLE */; abort(); } - s_n_llhttp__internal__n_invoke_test_lenient_flags_7: { - switch (llhttp__internal__c_test_lenient_flags_6(state, p, endp)) { + s_n_llhttp__internal__n_invoke_test_lenient_flags_8: { + switch (llhttp__internal__c_test_lenient_flags_7(state, p, endp)) { case 1: goto s_n_llhttp__internal__n_res_http_end; default: @@ -15693,7 +15713,7 @@ static llparse_state_t llhttp__internal__run( s_n_llhttp__internal__n_invoke_store_http_minor_1: { switch (llhttp__internal__c_store_http_minor(state, p, endp, match)) { default: - goto s_n_llhttp__internal__n_invoke_test_lenient_flags_7; + goto s_n_llhttp__internal__n_invoke_test_lenient_flags_8; } /* UNREACHABLE */; abort(); diff --git a/test/parallel/test-http-header-overflow.js b/test/parallel/test-http-header-overflow.js index e53f5f05f81c31..6abbf2bafc545d 100644 --- a/test/parallel/test-http-header-overflow.js +++ b/test/parallel/test-http-header-overflow.js @@ -6,13 +6,11 @@ const assert = require('assert'); const { createServer, maxHeaderSize } = require('http'); const { createConnection } = require('net'); -const { getOptionValue } = require('internal/options'); - const CRLF = '\r\n'; const DUMMY_HEADER_NAME = 'Cookie: '; const DUMMY_HEADER_VALUE = 'a'.repeat( // Plus one is to make it 1 byte too big - maxHeaderSize - DUMMY_HEADER_NAME.length - (2 * CRLF.length) + 1 + maxHeaderSize - DUMMY_HEADER_NAME.length + 2 ); const PAYLOAD_GET = 'GET /blah HTTP/1.1'; const PAYLOAD = PAYLOAD_GET + CRLF + @@ -21,14 +19,11 @@ const PAYLOAD = PAYLOAD_GET + CRLF + const server = createServer(); server.on('connection', mustCall((socket) => { - // Legacy parser gives sligthly different response. - // This discripancy is not fixed on purpose. - const legacy = getOptionValue('--http-parser') === 'legacy'; socket.on('error', expectsError({ name: 'Error', message: 'Parse Error: Header overflow', code: 'HPE_HEADER_OVERFLOW', - bytesParsed: maxHeaderSize + PAYLOAD_GET.length - (legacy ? -1 : 0), + bytesParsed: maxHeaderSize + PAYLOAD_GET.length + (CRLF.length * 2) + 1, rawPacket: Buffer.from(PAYLOAD) })); })); diff --git a/test/parallel/test-http-missing-header-separator-cr.js b/test/parallel/test-http-missing-header-separator-cr.js index a1fa7a532f1606..1129ec4ed96e87 100644 --- a/test/parallel/test-http-missing-header-separator-cr.js +++ b/test/parallel/test-http-missing-header-separator-cr.js @@ -6,21 +6,7 @@ const assert = require('assert'); const http = require('http'); const net = require('net'); -const msg = [ - 'GET / HTTP/1.1', - 'Host: localhost', - 'Dummy: x\nContent-Length: 23', - '', - 'GET / HTTP/1.1', - 'Dummy: GET /admin HTTP/1.1', - 'Host: localhost', - '', - '', -].join('\r\n'); - -const server = http.createServer(common.mustNotCall()); - -server.listen(0, common.mustSucceed(() => { +function serverHandler(server, msg) { const client = net.connect(server.address().port, 'localhost'); let response = ''; @@ -40,4 +26,58 @@ server.listen(0, common.mustSucceed(() => { })); client.write(msg); client.resume(); -})); +} + +{ + const msg = [ + 'GET / HTTP/1.1', + 'Host: localhost', + 'Dummy: x\nContent-Length: 23', + '', + 'GET / HTTP/1.1', + 'Dummy: GET /admin HTTP/1.1', + 'Host: localhost', + '', + '', + ].join('\r\n'); + + const server = http.createServer(common.mustNotCall()); + + server.listen(0, common.mustSucceed(serverHandler.bind(null, server, msg))); +} + +{ + const msg = [ + 'POST / HTTP/1.1', + 'Host: localhost', + 'x:x\nTransfer-Encoding: chunked', + '', + '1', + 'A', + '0', + '', + '', + ].join('\r\n'); + + const server = http.createServer(common.mustNotCall()); + + server.listen(0, common.mustSucceed(serverHandler.bind(null, server, msg))); +} + +{ + const msg = [ + 'POST / HTTP/1.1', + 'Host: localhost', + 'x:\nTransfer-Encoding: chunked', + '', + '1', + 'A', + '0', + '', + '', + ].join('\r\n'); + + const server = http.createServer(common.mustNotCall()); + + server.listen(0, common.mustSucceed(serverHandler.bind(null, server, msg))); +} diff --git a/test/parallel/test-http-transfer-encoding-smuggling.js b/test/parallel/test-http-transfer-encoding-smuggling.js index 50c44ca5fc62ab..472b717022d7e1 100644 --- a/test/parallel/test-http-transfer-encoding-smuggling.js +++ b/test/parallel/test-http-transfer-encoding-smuggling.js @@ -6,47 +6,84 @@ const assert = require('assert'); const http = require('http'); const net = require('net'); -const msg = [ - 'POST / HTTP/1.1', - 'Host: 127.0.0.1', - 'Transfer-Encoding: chunked', - 'Transfer-Encoding: chunked-false', - 'Connection: upgrade', - '', - '1', - 'A', - '0', - '', - 'GET /flag HTTP/1.1', - 'Host: 127.0.0.1', - '', - '', -].join('\r\n'); - -const server = http.createServer(common.mustNotCall((req, res) => { - res.end(); -}, 1)); - -server.listen(0, common.mustSucceed(() => { - const client = net.connect(server.address().port, 'localhost'); - - let response = ''; - - // Verify that the server listener is never called - - client.on('data', common.mustCall((chunk) => { - response += chunk; +{ + const msg = [ + 'POST / HTTP/1.1', + 'Host: 127.0.0.1', + 'Transfer-Encoding: chunked', + 'Transfer-Encoding: chunked-false', + 'Connection: upgrade', + '', + '1', + 'A', + '0', + '', + 'GET /flag HTTP/1.1', + 'Host: 127.0.0.1', + '', + '', + ].join('\r\n'); + + const server = http.createServer(common.mustNotCall((req, res) => { + res.end(); + }, 1)); + + server.listen(0, common.mustSucceed(() => { + const client = net.connect(server.address().port, 'localhost'); + + let response = ''; + + // Verify that the server listener is never called + + client.on('data', common.mustCall((chunk) => { + response += chunk; + })); + + client.setEncoding('utf8'); + client.on('error', common.mustNotCall()); + client.on('end', common.mustCall(() => { + assert.strictEqual( + response, + 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n' + ); + server.close(); + })); + client.write(msg); + client.resume(); })); +} + +{ + const msg = [ + 'POST / HTTP/1.1', + 'Host: 127.0.0.1', + 'Transfer-Encoding: chunked', + ' , chunked-false', + 'Connection: upgrade', + '', + '1', + 'A', + '0', + '', + 'GET /flag HTTP/1.1', + 'Host: 127.0.0.1', + '', + '', + ].join('\r\n'); + + const server = http.createServer(common.mustCall((request, response) => { + assert.notStrictEqual(request.url, '/admin'); + response.end('hello world'); + }), 1); + + server.listen(0, common.mustSucceed(() => { + const client = net.connect(server.address().port, 'localhost'); + + client.on('end', common.mustCall(function() { + server.close(); + })); - client.setEncoding('utf8'); - client.on('error', common.mustNotCall()); - client.on('end', common.mustCall(() => { - assert.strictEqual( - response, - 'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n' - ); - server.close(); + client.write(msg); + client.resume(); })); - client.write(msg); - client.resume(); -})); +}