Skip to content

Commit 2101d70

Browse files
committed
http: validate HTTP version
1 parent 75b4512 commit 2101d70

File tree

3 files changed

+58
-2
lines changed

3 files changed

+58
-2
lines changed

src/llhttp/http.ts

Lines changed: 28 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -258,7 +258,20 @@ export class HTTP {
258258
.otherwise(p.error(ERROR.INVALID_VERSION, 'Expected dot'));
259259

260260
n('res_http_minor')
261-
.select(MINOR, this.store('http_minor', 'res_http_end'))
261+
.select(MINOR, this.store('http_minor',
262+
this.load('http_major', {
263+
0: this.load('http_minor', {
264+
9: n('res_http_end'),
265+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
266+
1: this.load('http_minor', {
267+
0: n('res_http_end'),
268+
1: n('res_http_end'),
269+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
270+
2: this.load('http_minor', {
271+
0: n('res_http_end'),
272+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
273+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
274+
))
262275
.otherwise(p.error(ERROR.INVALID_VERSION, 'Invalid minor version'));
263276

264277
n('res_http_end')
@@ -364,7 +377,20 @@ export class HTTP {
364377
.otherwise(p.error(ERROR.INVALID_VERSION, 'Expected dot'));
365378

366379
n('req_http_minor')
367-
.select(MINOR, this.store('http_minor', 'req_http_end'))
380+
.select(MINOR, this.store('http_minor',
381+
this.load('http_major', {
382+
0: this.load('http_minor', {
383+
9: n('req_http_end'),
384+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
385+
1: this.load('http_minor', {
386+
0: n('req_http_end'),
387+
1: n('req_http_end'),
388+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
389+
2: this.load('http_minor', {
390+
0: n('req_http_end'),
391+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
392+
}, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
393+
))
368394
.otherwise(p.error(ERROR.INVALID_VERSION, 'Invalid minor version'));
369395

370396
n('req_http_end').otherwise(this.load('method', {

test/request/invalid.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -200,3 +200,19 @@ off=22 len=15 span[header_value]="www.example.com"
200200
off=39 header_value complete
201201
off=52 error code=10 reason="Invalid header token"
202202
```
203+
204+
### Invalid HTTP version
205+
206+
<!-- meta={"type": "request", "noScan": true} -->
207+
```http
208+
GET / HTTP/5.6
209+
210+
211+
```
212+
213+
```log
214+
off=0 message begin
215+
off=4 len=1 span[url]="/"
216+
off=6 url complete
217+
off=14 error code=9 reason="Invalid HTTP version"
218+
```

test/response/invalid.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -106,3 +106,17 @@ off=21 header_field complete
106106
off=22 len=1 span[header_value]="1"
107107
off=24 error code=3 reason="Missing expected LF after header value"
108108
```
109+
110+
### Invalid HTTP version
111+
112+
<!-- meta={"type": "response"} -->
113+
```http
114+
HTTP/5.6 200 OK
115+
116+
117+
```
118+
119+
```log
120+
off=0 message begin
121+
off=8 error code=9 reason="Invalid HTTP version"
122+
```

0 commit comments

Comments
 (0)