Re: parsing quoted-string HTTP header fields

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 28 May 2011 00:12:29 +1200

On 27/05/11 23:21, Tsantilas Christos wrote:
> Hi all,
>
> Just trying to clarify what we want to implement at the end, because I
> am confused. I am responsible for the confusion because I give two "(3)"
> options, and I send buggy implementations for the "(1)" and the "second
> (3)" option.
>
> From what I can understand, currently, we have the following options:
> 1) Just ignore any "\r" or "\n" character. This is the fastest and
> simpler approach
> 2) Require "[\r]\n " or "[\r]\n\t" as line separator and replace it with
> a space.
>
> From the discussion the (1) may be dangerous because strings like this
> "1\r23" will be converted to "123" which maybe it is dangerous.
>
> So I suppose we should implement the (2) option. Is it OK?

Agreed.

What we have been debugging in the other half of the thread was "\r\n "
or "\r\n\t".

I think it just needs:
  * the two buffer overread bugs Alex spotted removed,
  * the \r made optional.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Fri May 27 2011 - 12:12:36 MDT

This archive was generated by hypermail 2.2.0 : Mon May 30 2011 - 12:00:11 MDT