You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1998/03/14 02:23:59 UTC
find_token bug
RFC2068 defines a token like so:
token = 1*<any CHAR except CTLs or tspecials>
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
find_token() is used when we want to know (boolean) if a particular token
appears in an HTTP/1.1 header. Some headers allow for token |
quoted-string... and find_token attempts to be accomodating, by skipping
quoted-strings. next_token is actually the function involved, and it
doesn't do things right:
static char *tspecials = " \t()<>@,;:\\/[]?={}";
/* Next HTTP token from a header line. Warning --- destructive!
* Use only with a copy!
*/
static char *next_token(char **toks)
{
char *cp = *toks;
char *ret;
while (*cp && (iscntrl(*cp) || strchr(tspecials, *cp))) {
if (*cp == '"')
while (*cp && (*cp != '"'))
++cp;
else
++cp;
}
...
Notice that the quote test in the inner loop is never true because the
outer loop condition will never be true when *cp == '"'.
Now, the headers that we use find_token() on are:
Connection (both in and out)
If-Match
If-None-Match
For Connection:
Connection-header = "Connection" ":" 1#(connection-token)
connection-token = token
Quotes are part of a token, and find_token() would be wrong to ignore them
w.r.t. Connection.
For the other two:
If-Match = "If-Match" ":" ( "*" | 1#entity-tag )
If-None-Match = "If-None-Match" ":" ( "*" | 1#entity-tag )
entity-tag = [ weak ] opaque-tag
weak = "W/"
opaque-tag = quoted-string
quotes are required, and things just happen to work right now because
find_token() doesn't deal with quotes the way it looks like it tries to.
If you look through meets_conditions() you'll see the etag used for
comparisons is quoted as well, so find_token
So I'll be removing that dead code from next_token.
Dean
P.S. I haven't looked at the etag stuff in RFC2068, but I'm assuming that
since we do nothing with weak in meets_conditions() that it's only
required for proxying.
Re: find_token bug
Posted by Dean Gaudet <dg...@arctic.org>.
On Fri, 13 Mar 1998, Dean Gaudet wrote:
> For the other two:
>
> If-Match = "If-Match" ":" ( "*" | 1#entity-tag )
>
> If-None-Match = "If-None-Match" ":" ( "*" | 1#entity-tag )
>
> entity-tag = [ weak ] opaque-tag
>
> weak = "W/"
> opaque-tag = quoted-string
Actually, using find_token here is completely bogus:
quoted-string = ( <"> *(qdtext) <"> )
qdtext = <any TEXT except <">>
TEXT = <any OCTET except CTLs,
but including LWS>
CTL = <any US-ASCII control character
(octets 0 - 31) and DEL (127)>
We need find_quoted_string().
That is to say, if a request includes:
If-Match: "abc def"
we'll do the wrong thing... since I'm already fixing this code I'll write
find_quoted_string().
Dean