Reject HTTP messages starting with a linefeed

It would make str[lf-1] invalid.  Also ignore the carriage return at the
end of the first line when parsing a response.

diff --git a/source/http/request.cpp b/source/http/request.cpp
index 54b0beeaa9cb4f7e908f995a2d0d328bc1bf91a0..15056d60d9a7d82f32ad180ea819170ac4549086 100644 (file)
--- a/source/http/request.cpp
+++ b/source/http/request.cpp
@@ -28,6 +28,8 @@ string Request::str() const
 Request Request::parse(const string &str)
 {
        string::size_type lf = str.find('\n');
+       if(lf==0)
+               throw invalid_argument("Request::parse");
        vector<string> parts = split(str.substr(0, lf-(str[lf-1]=='\r')), ' ', 2);
        if(parts.size()<3)
                throw invalid_argument("Request::parse");

diff --git a/source/http/response.cpp b/source/http/response.cpp
index 739a20f3da2fa2ba6503e13b216ba842b9403ec3..6fa4cc333a58d6c4bee716987428310bdc6daf85 100644 (file)
--- a/source/http/response.cpp
+++ b/source/http/response.cpp
@@ -24,7 +24,9 @@ Response Response::parse(const string &str)
        Response result;
 
        string::size_type lf = str.find('\n');
-       vector<string> parts = split(str.substr(0, lf), ' ', 2);
+       if(lf==0)
+               throw invalid_argument("Response::parse");
+       vector<string> parts = split(str.substr(0, lf-(str[lf-1]=='\r')), ' ', 2);
        if(parts.size()<2)
                throw invalid_argument("Response::parse");