[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Guile-commits] 14/23: refactoring to (web server ethreads) read-http-li
|
From: |
Andy Wingo |
|
Subject: |
[Guile-commits] 14/23: refactoring to (web server ethreads) read-http-line |
|
Date: |
Thu, 24 Mar 2016 14:26:04 +0000 |
wingo pushed a commit to branch wip-ethreads
in repository guile.
commit b620f71c71a1016bbeb3e7ed125a88925fd3a27b
Author: Andy Wingo <address@hidden>
Date: Tue Mar 27 00:14:52 2012 +0200
refactoring to (web server ethreads) read-http-line
* module/web/server/ethreads.scm (read-http-line): Use
get-latin1-string-delimited with a limit on the line length.
---
module/web/server/ethreads.scm | 23 +++++++++++++----------
1 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/module/web/server/ethreads.scm b/module/web/server/ethreads.scm
index 17ae37c..9445e8a 100644
--- a/module/web/server/ethreads.scm
+++ b/module/web/server/ethreads.scm
@@ -75,20 +75,23 @@
(throw 'bad-request msg args))
(define (read-http-line eport)
- ;; 10 and 13 are #\newline and #\return, respectively.
- (define (end-of-line? u8)
- (or (eqv? u8 10) (eqv? u8 13)))
- (call-with-values (lambda ()
- (get-bytevector-delimited eport end-of-line?))
- (lambda (bv delim)
+ (define (end-of-line? c)
+ (or (eqv? c #\newline) (eqv? c #\return)))
+ (call-with-values
+ (lambda ()
+ ;; Restrict to 512 chars to avoid denial of service attacks.
+ (get-latin1-string-delimited eport end-of-line? #:max-chars 512))
+ (lambda (str delim)
(cond
+ ((not delim)
+ (bad-request "Line too long: ~S" str))
((eof-object? delim)
- (bad-request "EOF while reading line: ~S" bv))
+ (bad-request "EOF while reading line: ~S" str))
(else
- (when (and (eqv? delim 13)
- (eqv? (lookahead-u8 eport) 10))
+ (when (and (eqv? delim #\return)
+ (eqv? (lookahead-u8 eport) (char->integer #\newline)))
(get-u8 eport))
- (utf8->string bv))))))
+ str)))))
(define (continuation-line? port)
(let ((c (lookahead-u8 port)))
- [Guile-commits] 05/23: http: allow custom read-line / continuation-line? functions, (continued)
- [Guile-commits] 05/23: http: allow custom read-line / continuation-line? functions, Andy Wingo, 2016/03/24
- [Guile-commits] 06/23: setsockopt can take an fd, Andy Wingo, 2016/03/24
- [Guile-commits] 10/23: EOF fix for continuation-line?, Andy Wingo, 2016/03/24
- [Guile-commits] 19/23: nio: add non-blocking connect, Andy Wingo, 2016/03/24
- [Guile-commits] 08/23: add #:limit to get-bytevector-delimited, Andy Wingo, 2016/03/24
- [Guile-commits] 11/23: socket: TCP_CORK, TCP_NODELAY, Andy Wingo, 2016/03/24
- [Guile-commits] 23/23: virtualize read/write/close operations in <eport>, Andy Wingo, 2016/03/24
- [Guile-commits] 15/23: (web server ethreads): more use of latin1 accessors, Andy Wingo, 2016/03/24
- [Guile-commits] 01/23: add (ice-9 nio), Andy Wingo, 2016/03/24
- [Guile-commits] 20/23: eports: nonblocking connect-eport, Andy Wingo, 2016/03/24
- [Guile-commits] 14/23: refactoring to (web server ethreads) read-http-line,
Andy Wingo <=
- [Guile-commits] 02/23: add (ice-9 eports), Andy Wingo, 2016/03/24
- [Guile-commits] 17/23: getsockopt: allow raw file descriptors, Andy Wingo, 2016/03/24
- [Guile-commits] 16/23: eports: add put-utf8-char, put-utf8-string, Andy Wingo, 2016/03/24
- [Guile-commits] 03/23: add (ice-9 epoll), Andy Wingo, 2016/03/24
- [Guile-commits] 21/23: eports tweak, Andy Wingo, 2016/03/24
- [Guile-commits] 07/23: add (web server ethreads), Andy Wingo, 2016/03/24
- [Guile-commits] 22/23: add examples/ethreads/memcached-{client, server}, Andy Wingo, 2016/03/24