httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <Martin.Krae...@mch.sni.de>
Subject Re: [PATCH] Parsing URI into its components - comments welcome
Date Tue, 07 Oct 1997 19:00:47 GMT
Thanks a lot, Dean, for taking the time and looking at my patch. Roy,
thanks to you, too, I just printed your url.txt and am going to look at
it later. BTW: No, I do't think it's a good solution to use regex
parsing, because then we have the same situation as before, that the
parsing is done repeatedly at different code locations, and every
code location does it "a bit differently". My solution will parse the URL
once, extracting everything that any module would need, and providing
an unparser (similar to the one described in your text) which can
re-create an URL from the single parts.

> -    sscanf(r->protocol, "HTTP/%d.%d", &major, &minor);
> -    r->proto_num = 1000 * major + minor;
> +    if (2 == sscanf(r->protocol, "HTTP/%d.%d", &major, &minor)
> +      && minor < HTTP_PROTO(1,0))	/* don't allow HTTP/0.1000 */
> +	r->proto_num = HTTP_PROTO(major,minor);
> +    else
> +	r->proto_num = HTTP_PROTO(1,0);
>  
> This breaks, for example, on HTTP/1.1000, which is a valid input and
> should be treated like HTTP/1.1.

RFC2068 says...:
## The version of an HTTP message is indicated by an HTTP-Version field
## in the first line of the message.
##
##        HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT
##
## Note that the major and minor numbers MUST be treated as separate
## integers and that each may be incremented higher than a single digit.
## Thus, HTTP/2.4 is a lower version than HTTP/2.13, which in turn is
## lower than HTTP/12.3. Leading zeros MUST be ignored by recipients and
## MUST NOT be sent.

So, HTTP/1.1000 would the 999th update to, and be compatible with,
but not be a synonym for, HTTP/1.1;  It is therefore indeed the
safest game to check sensible input like you propose:

> How about this:
> 
>     if (2 == sscan(r->protocol, "HTTP/%u.%u", &major, &minor)) {
> 	if (minor < HTTP_PROTO(1,0)) {
> 	    r->proto_num = HTTP_PROTO(major,minor);
> 	}
> 	else if (major < 1) {
> 	    bogosity, die with a 505
...because before HTTP/1.0, no version string was given anyway, right.
> 	}
> 	else {
> 	    /* it has to be HTTP/1.1 backwards compliant */
>...
> Oh yeah, multiplying by 1000 is silly, it'd be better as 256, which
> shaves off many cycles :)

It's not _that_ bad, since the multiplication is executed only once per
request. Oh, you had a smilie there... ;-)

I kept the 1000 factor in my HTTP_PROTO() macro to be compatible
with all the other code locations where the macro is not used yet.

    Martin
-- 
| S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request

Mime
View raw message