[bknr-cvs] hans changed trunk/thirdparty/hunchentoot/headers.lisp
BKNR Commits
bknr at bknr.net
Mon Aug 29 08:48:51 UTC 2011
Revision: 4674
Author: hans
URL: http://bknr.net/trac/changeset/4674
Reject requests with non-ASCII characters in request line.
U trunk/thirdparty/hunchentoot/headers.lisp
Modified: trunk/thirdparty/hunchentoot/headers.lisp
===================================================================
--- trunk/thirdparty/hunchentoot/headers.lisp 2011-08-29 07:42:59 UTC (rev 4673)
+++ trunk/thirdparty/hunchentoot/headers.lisp 2011-08-29 08:48:51 UTC (rev 4674)
@@ -224,13 +224,16 @@
(read-line* stream)))
((or end-of-file #-:lispworks usocket:timeout-error) ())))
-(defun send-bad-request-response (stream)
+(defun send-bad-request-response (stream &optional additional-info)
"Send a ``Bad Request'' response to the client."
(write-sequence (flex:string-to-octets
- (format nil "HTTP/1.0 ~D ~A~C~CConnection: close~C~C~C~CYour request could not be interpreted by this HTTP server~C~C"
+ (format nil "HTTP/1.0 ~D ~A~C~CConnection: close~C~C~C~CYour request could not be interpreted by this HTTP server~C~C~@[~A~]~C~C"
+http-bad-request+ (reason-phrase +http-bad-request+) #\Return #\Linefeed
- #\Return #\Linefeed #\Return #\Linefeed #\Return #\Linefeed))
+ #\Return #\Linefeed #\Return #\Linefeed #\Return #\Linefeed additional-info #\Return #\Linefeed))
stream))
+
+(defun printable-ascii-char-p (char)
+ (<= 32 (char-code char) 126))
(defun get-request-data (stream)
"Reads incoming headers from the client via STREAM. Returns as
@@ -239,6 +242,9 @@
(with-character-stream-semantics
(let ((first-line (read-initial-request-line stream)))
(when first-line
+ (unless (every #'printable-ascii-char-p first-line)
+ (send-bad-request-response stream "Non-ASCII character in request line")
+ (return-from get-request-data nil))
(destructuring-bind (&optional method url-string protocol)
(split "\\s+" first-line :limit 3)
(unless url-string
More information about the Bknr-cvs
mailing list