diff options
| author | Garrett D'Amore <garrett@damore.org> | 2025-01-11 13:29:23 -0800 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2025-01-11 13:29:23 -0800 |
| commit | b16e6ebf05429cb4ac29b3a5a5c9758fa362c78a (patch) | |
| tree | 9f0c21017de2fd17b0c8f2c9a9621d78849861bf /src/supplemental/http/http_api.h | |
| parent | 588611e180f2e47caa778a6265b1d7f73b90648a (diff) | |
| download | nng-b16e6ebf05429cb4ac29b3a5a5c9758fa362c78a.tar.gz nng-b16e6ebf05429cb4ac29b3a5a5c9758fa362c78a.tar.bz2 nng-b16e6ebf05429cb4ac29b3a5a5c9758fa362c78a.zip | |
http: improve buffer reuse for heeaders, and discard unused bodies
The body content not being consumed was leading to misparses, where
we consumed body data as if it were a request. When mixed with proxies
this could lead to a security problem where the following request
content submitted from a different client winds up as stolen request
body content.
This also ensures we actually deliver errors to clients without
prematurely closing the connection. (There are still problems
where the connection may be closed prematurely for an overlarge
header.)
Diffstat (limited to 'src/supplemental/http/http_api.h')
| -rw-r--r-- | src/supplemental/http/http_api.h | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/src/supplemental/http/http_api.h b/src/supplemental/http/http_api.h index ade6cf06..8ebe74bb 100644 --- a/src/supplemental/http/http_api.h +++ b/src/supplemental/http/http_api.h @@ -36,12 +36,10 @@ typedef struct nng_http_chunks nni_http_chunks; extern void nni_http_req_init(nni_http_req *); extern void nni_http_req_reset(nni_http_req *); -extern int nni_http_req_get_buf(nni_http_req *, void **, size_t *); extern int nni_http_req_parse(nng_http *, void *, size_t, size_t *); extern void nni_http_res_init(nni_http_res *); extern void nni_http_res_reset(nni_http_res *); -extern int nni_http_res_get_buf(nni_http_conn *, void **, size_t *); extern int nni_http_res_parse(nng_http *, void *, size_t, size_t *); // Chunked transfer encoding. For the moment this is not part of our public @@ -115,10 +113,9 @@ extern void nni_http_write_req(nni_http_conn *, nni_aio *); extern void nni_http_read_res(nni_http_conn *, nni_aio *); extern void nni_http_read_req(nni_http_conn *, nni_aio *); extern void nni_http_write_res(nni_http_conn *, nni_aio *); +extern void nni_http_read_discard(nni_http_conn *, size_t, nni_aio *); extern int nni_http_req_add_header(nni_http_req *, const char *, const char *); -extern int nni_http_req_del_header(nni_http_req *, const char *); -extern int nni_http_res_del_header(nni_http_res *, const char *); extern int nni_http_req_alloc_data(nni_http_req *, size_t); extern int nni_http_res_alloc_data(nni_http_res *, size_t); |