RPC: HTTP server uses its own ReadHTTPRequestLine()

rather than reusing ReadHTTPStatus() from the client mode.

The following additional HTTP request validations are added, both in line with
existing HTTP client practice:

1) HTTP method must be GET or POST.  Most clients use POST, some
   use GET.  Either way, this continues to work.
2) HTTP URI must start with "/" character.
   Normal URI is "/" (a 1-char string), so this is fine.
This commit is contained in:
Jeff Garzik 2012-11-04 17:16:46 -05:00 committed by Jeff Garzik
parent 2306dc4b76
commit fcf234fc08

View file

@ -362,6 +362,41 @@ static string HTTPReply(int nStatus, const string& strMsg, bool keepalive)
strMsg.c_str()); strMsg.c_str());
} }
bool ReadHTTPRequestLine(std::basic_istream<char>& stream, int &proto,
string& http_method, string& http_uri)
{
string str;
getline(stream, str);
// HTTP request line is space-delimited
vector<string> vWords;
boost::split(vWords, str, boost::is_any_of(" "));
if (vWords.size() < 2)
return false;
// HTTP methods permitted: GET, POST
http_method = vWords[0];
if (http_method != "GET" && http_method != "POST")
return false;
// HTTP URI must be an absolute path, relative to current host
http_uri = vWords[1];
if (http_uri.size() == 0 || http_uri[0] != '/')
return false;
// parse proto, if present
string strProto = "";
if (vWords.size() > 2)
strProto = vWords[2];
proto = 0;
const char *ver = strstr(strProto.c_str(), "HTTP/1.");
if (ver != NULL)
proto = atoi(ver+7);
return true;
}
int ReadHTTPStatus(std::basic_istream<char>& stream, int &proto) int ReadHTTPStatus(std::basic_istream<char>& stream, int &proto)
{ {
string str; string str;
@ -939,12 +974,14 @@ void ThreadRPCServer3(void* parg)
} }
return; return;
} }
map<string, string> mapHeaders;
string strRequest;
// Read HTTP status (um, we mean, HTTP request line)
int nProto = 0; int nProto = 0;
ReadHTTPStatus(conn->stream(), nProto); map<string, string> mapHeaders;
string strRequest, strMethod, strURI;
// Read HTTP request line
if (!ReadHTTPRequestLine(conn->stream(), nProto, strMethod, strURI))
break;
// Read HTTP message headers and body // Read HTTP message headers and body
ReadHTTPMessage(conn->stream(), mapHeaders, strRequest, nProto); ReadHTTPMessage(conn->stream(), mapHeaders, strRequest, nProto);