diff options
| author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2016-05-27 11:24:14 +0000 |
|---|---|---|
| committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2016-05-27 11:24:14 +0000 |
| commit | 2aaba3dda3880a71cba50b5d76dc580f1b24600f (patch) | |
| tree | d31e7cc9c196c88fadfe4e218a7cf2b9efd81d91 /usr.sbin/httpd | |
| parent | b7a801368cabd897097c56917dc314dab493a361 (diff) | |
Return "400 Bad Request" instead of "500 Server Internal Error" for
requests lacking "HTTP/<version>".
This makes it more obvious that httpd(8) does not attempt to support
HTTP v0.9 (circa 1991), when "GET <url>\r\n" was valid.
ok millert@ florian@
Diffstat (limited to 'usr.sbin/httpd')
| -rw-r--r-- | usr.sbin/httpd/server_http.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 2a2ae2b578e..98144f8f480 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.107 2016/05/22 19:20:03 jung Exp $ */ +/* $OpenBSD: server_http.c,v 1.108 2016/05/27 11:24:13 krw Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -296,8 +296,10 @@ server_read_http(struct bufferevent *bev, void *arg) goto fail; desc->http_version = strchr(desc->http_path, ' '); - if (desc->http_version == NULL) - goto fail; + if (desc->http_version == NULL) { + server_abort_http(clt, 400, "malformed"); + goto abort; + } *desc->http_version++ = '\0'; desc->http_query = strchr(desc->http_path, '?'); |