Parser tweaks #64
Merged
Parser tweaks #64
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
fix: Allow CRLF in front of first boundary even in strict mode Browsers do not do this, but some HTTP client libaries do and it's technically allowed. fix: Fail on invalid first boundary instead of skipping the first segment As per spec, the start boundary must be at position zero, or start with CRLF to separate it from the preamble. Boundaries are forbidden in segment bodies, but not in the preamble. This means that a preamble can actually contain the boundary, as long as it does not start with CRLF. This is nonsense, so let's ignore the spec here. A preamble that contains the boundary is so rare and suspicious that we assume a broken or malicious client and fail fast, even in non-strict mode. This is way better than silently skipping the first segment and loosing data. fix: Accept tiny (1 byte) chunks and arbitrary chunk borders There were edge cases where a very uncommon chunk border would break the parser. This is fixed and properly tested now. fix: Fail if message did not contain the boundary at all. In strict mode, we fail very fast (because the message is either empty, or the message does not start with a boundary. In non-strict mode, we fail at the end when the parser closes in PREAMBLE state.
We deliberately break spec and reject input that is technically valid. The test that ensures this should be clear on why that's a good idea.
defnull
force-pushed
the
patch-parser-tweaks
branch
from
66c981d
to
c362836
Compare
|
I'll update the changelog, then this can be merged I think. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Multiple parser improvements
fix: Allow CRLF in front of first boundary even in strict mode
Browsers do not do this, but some HTTP client libaries do and it's
technically allowed.
fix: Fail on invalid first boundary instead of skipping the first segment
As per spec, the start boundary must be at position zero, or start with CRLF
to separate it from the preamble. Boundaries are forbidden in segment
bodies, but not in the preamble. This means that a preamble can actually
contain the boundary, as long as it does not start with CRLF. This is
nonsense, so let's ignore the spec here. A preamble that contains the
boundary is so rare and suspicious that we assume a broken or malicious
client and fail fast, even in non-strict mode. This is way better than
silently skipping the first segment and loosing data.
fix: Accept tiny (1 byte) chunks and arbitrary chunk borders
There were edge cases where a very uncommon chunk border would break the
parser. This is fixed and properly tested now.
fix: Fail if message did not contain the boundary at all.
In strict mode, we fail very fast (because the message is either empty, or
the message does not start with a boundary. In non-strict mode, we fail
at the end when the parser closes in PREAMBLE state.