From: Mikko Rasa Date: Fri, 9 Dec 2022 17:54:16 +0000 (+0200) Subject: Reject HTTP messages starting with a linefeed X-Git-Url: http://git.tdb.fi/?a=commitdiff_plain;h=363778f74fba9d9b85980df0590f8106dfd0a6b0;p=libs%2Fnet.git Reject HTTP messages starting with a linefeed It would make str[lf-1] invalid. Also ignore the carriage return at the end of the first line when parsing a response. --- diff --git a/source/http/request.cpp b/source/http/request.cpp index 54b0bee..15056d6 100644 --- a/source/http/request.cpp +++ b/source/http/request.cpp @@ -28,6 +28,8 @@ string Request::str() const Request Request::parse(const string &str) { string::size_type lf = str.find('\n'); + if(lf==0) + throw invalid_argument("Request::parse"); vector parts = split(str.substr(0, lf-(str[lf-1]=='\r')), ' ', 2); if(parts.size()<3) throw invalid_argument("Request::parse"); diff --git a/source/http/response.cpp b/source/http/response.cpp index 739a20f..6fa4cc3 100644 --- a/source/http/response.cpp +++ b/source/http/response.cpp @@ -24,7 +24,9 @@ Response Response::parse(const string &str) Response result; string::size_type lf = str.find('\n'); - vector parts = split(str.substr(0, lf), ' ', 2); + if(lf==0) + throw invalid_argument("Response::parse"); + vector parts = split(str.substr(0, lf-(str[lf-1]=='\r')), ' ', 2); if(parts.size()<2) throw invalid_argument("Response::parse");