From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1n9GIl-0005NN-Qe for mharc-grub-devel@gnu.org; Sun, 16 Jan 2022 19:55:15 -0500 Received: from eggs.gnu.org ([209.51.188.92]:48460) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9GIj-0005KX-1M for grub-devel@gnu.org; Sun, 16 Jan 2022 19:55:13 -0500 Received: from [2a00:1450:4864:20::333] (port=35720 helo=mail-wm1-x333.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n9GIh-0001om-2b for grub-devel@gnu.org; Sun, 16 Jan 2022 19:55:12 -0500 Received: by mail-wm1-x333.google.com with SMTP id q9-20020a7bce89000000b00349e697f2fbso19969343wmj.0 for ; Sun, 16 Jan 2022 16:55:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=huBIwswLiY5umlT2C2IA+w+7GGRQBrhVBMgJNTO3NIA=; b=hK116w5JBYwBe7AMP4Lp1jhrgRfMBYtMq3Qf8UMN05xpfmC9VPnmh5pfYJyiVe6g/Q faOcU7t9wIGmoa1IVBaUfxM4rsFEYo4p0UdDc0p//cOadCZATz/drQYvDUlVkSjPkgLC GkqhHEO2bZ4W7+gFYkNQy9SzsHnenDAN85MXTzmEWPPUy9SeCyqiaQzJ6vtLgTEapevQ UJEpIWlIDL+9gH/0m2r4cN7vb3q+zuIUpqBtaZNlzllMKP12WcU3PHA2NP1uQsn1auOB JDgFmO3fXm8EWR8f02Tdf5Gxg1H6kAN1yy3rVvOtf79PQvDymIZj2QWVJUAglZx4mOdf 7Xhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=huBIwswLiY5umlT2C2IA+w+7GGRQBrhVBMgJNTO3NIA=; b=guZlHfsRRhFuBZBlICBsZvmereF6tlsKhF0jQORsbqZontwbUD6gE5sAgFhcrOumby WeIw/tf383Oab6WxweGBcN1dnDhxOupf/7gMDD8cqyVb19iEfsOA4SmABrIy8TrMd9ea +dGnOil/m4tBWHXhli6GrExLEyvGH6XE8yIMXlpekEFRNVAGarB5FOivZ4TUWFl9OrtC VdwbkYsXbMMcWiTUCuzF+DUaoA1SM349UvXCEQPGPvfhusRUX4NI2tF6RA7fnixtSuT4 VAnuaLD8Uskpq7bpHAT8pJBhXf3DHbVymMVDeT9gNhm3um7FumgEY/6Ancuelp9QmR/4 WJkQ== X-Gm-Message-State: AOAM532d7Lpj3vADv606smWHGV5CILqIXSOPyXjX16v60NdnCnHyJ2qQ rAnU5vgCVEm361XhLqJZ4pPmvf5YWEQYIw== X-Google-Smtp-Source: ABdhPJzspYVe/WVSL9ln2Uk9m5WS/U5UwK95VBNbUmPObUjTItyTbHeGC71ucT9rbgnBjT8QWJLTfw== X-Received: by 2002:a5d:6806:: with SMTP id w6mr7877645wru.636.1642380907985; Sun, 16 Jan 2022 16:55:07 -0800 (PST) Received: from JamoPC2022-Ubuntu.. (17.red-81-39-144.dynamicip.rima-tde.net. [81.39.144.17]) by smtp.gmail.com with ESMTPSA id n15sm9218675wrf.79.2022.01.16.16.55.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 16 Jan 2022 16:55:07 -0800 (PST) From: Jamo To: The development of GNU GRUB Cc: Jamo Subject: [PATCH v2] http: parse HTTP headers case-insensitive Date: Mon, 17 Jan 2022 01:54:39 +0100 Message-Id: <20220117005439.407005-1-jamofer@gmail.com> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::333 (failed) Received-SPF: pass client-ip=2a00:1450:4864:20::333; envelope-from=jamofer@gmail.com; helo=mail-wm1-x333.google.com X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, PDS_HP_HELO_NORDNS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jan 2022 00:55:13 -0000 According to https://www.ietf.org/rfc/rfc2616.txt 4.2, header names shall be case insensitive and we are now forced to read headers like "Content-Length" capitalized. The problem with that is when a HTTP server responds with a "content-length" header in lowercase, GRUB gets stuck because HTTP module doesn't know the length of the transmission and the call never ends. --- v2: compare header value ignoring lws content-size value parsing should start after 'Content-Size:' extract check header and its value in two functions First of all, thank you for helping me how to contribute sending patches through mail and with your suggestions. I applied the suggestions you told about and I extracted that logic into two new static functions in order to increase code readability. I know that sizeof("inline string") would have better performance if I have done it inline but if I try to apply it inside the extracted function it will always return the size of the bigger const string passed to the function. I think that kind of optimization here it doesn't worth VS code readability, we are not going to deal with a large number of headers. I still not very sure about the naming of "is_header" and "is_header_value". And "is_header_value" is only valid when it is a header without multiple values. As far as I understand if we had headers with multiple values we should admit multi-line values starting with LWS, to have the header name more than once, to parse elements by commas... I think if we have to deal with that in the future the code could be refactored instead of doing it now. I have another doubt, I see that the project has some unit tests but the http module is all static functions. I've been doing these unit tests out of the project with the two new functions I added trying the possible cases succesfully. Should I adapt the code in order to be testable and include the tests that confirms my patch works? Thank you very much! grub-core/net/http.c | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c index b616cf40b..aed40f536 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -62,6 +62,37 @@ have_ahead (struct grub_file *file) return ret; } +static int +is_header (char *ptr, const char* name) +{ + grub_size_t length = grub_strlen (name); + return grub_strncasecmp (name, ptr, length) == 0 && ptr[length] == ':'; +} + +static int +is_header_value (char *ptr, const char* value) +{ + char *ptr_start = ptr; + char *ptr_end = ptr + strlen (ptr); + grub_size_t value_length = strlen (value); + + while(ptr_start && *ptr_start != ':') + ptr_start++; + + if (*ptr_start == ':') + ptr_start++; + + while (grub_isspace (*ptr_start)) + ptr_start++; + while (grub_isspace (ptr_end[-1])) + ptr_end--; + + if (value_length != (grub_size_t)(ptr_end - ptr_start)) + return 0; + + return strncasecmp (value, ptr_start, value_length) == 0; +} + static grub_err_t parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) { @@ -130,18 +161,16 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) data->first_line_recv = 1; return GRUB_ERR_NONE; } - if (grub_memcmp (ptr, "Content-Length: ", sizeof ("Content-Length: ") - 1) - == 0 && !data->size_recv) + if (is_header (ptr, "Content-Length") && !data->size_recv) { - ptr += sizeof ("Content-Length: ") - 1; + ptr += sizeof ("Content-Length:") - 1; file->size = grub_strtoull (ptr, (const char **)&ptr, 10); data->size_recv = 1; return GRUB_ERR_NONE; } - if (grub_memcmp (ptr, "Transfer-Encoding: chunked", - sizeof ("Transfer-Encoding: chunked") - 1) == 0) + if (is_header (ptr, "Transfer-Encoding")) { - data->chunked = 1; + data->chunked = is_header_value (ptr, "chunked"); return GRUB_ERR_NONE; } -- 2.32.0