http: improve buffer reuse for heeaders, and discard unused bodies

The body content not being consumed was leading to misparses, where
we consumed body data as if it were a request. When mixed with proxies
this could lead to a security problem where the following request
content submitted from a different client winds up as stolen request
body content.

This also ensures we actually deliver errors to clients without
prematurely closing the connection.  (There are still problems
where the connection may be closed prematurely for an overlarge
header.)

1 files changed, 0 insertions, 6 deletions

diff --git a/src/supplemental/http/http_msg.h b/src/supplemental/http/http_msg.h
index e08dab8a..038d9a04 100644
--- a/src/supplemental/http/http_msg.h
+++ b/src/supplemental/http/http_msg.h
@@ -44,11 +44,6 @@ typedef struct nni_http_entity {
 
 struct nng_http_req {
 	nni_http_entity data;
-	char            meth[32];
-	char            host[260]; // 253 per IETF, plus 6 for :port plus null
-	char            ubuf[200]; // Most URIs are smaller than this
-	char           *uri;
-	const char     *vers;
 	http_header     host_header;
 };
 
@@ -56,7 +51,6 @@ struct nng_http_res {
 	nni_http_entity data;
 	uint16_t        code;
 	char           *rsn;
-	const char     *vers;
 	bool            iserr;
 	http_header     location;
 };