httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject find_token bug
Date Sat, 14 Mar 1998 01:23:59 GMT
RFC2068 defines a token like so:

          token          = 1*<any CHAR except CTLs or tspecials>

          tspecials      = "(" | ")" | "<" | ">" | "@"
                         | "," | ";" | ":" | "\" | <">
                         | "/" | "[" | "]" | "?" | "="
                         | "{" | "}" | SP | HT

find_token() is used when we want to know (boolean) if a particular token
appears in an HTTP/1.1 header.  Some headers allow for token |
quoted-string... and find_token attempts to be accommodating, by skipping
quoted-strings.  next_token is actually the function involved, and it
doesn't do things right: 

    static char *tspecials = " \t()<>@,;:\\/[]?={}";

    /* Next HTTP token from a header line.  Warning --- destructive!
     * Use only with a copy!
     */

    static char *next_token(char **toks)
    {
        char *cp = *toks;
        char *ret;

        while (*cp && (iscntrl(*cp) || strchr(tspecials, *cp))) {
            if (*cp == '"')
                while (*cp && (*cp != '"'))
                    ++cp;
            else
                ++cp;
        }
    ...

Notice that the quote test in the inner loop is never true because the
outer loop condition will never be true when *cp == '"'. 

Now, the headers that we use find_token() on are: 

    Connection  (both in and out)
    If-Match
    If-None-Match

For Connection: 

    Connection-header = "Connection" ":" 1#(connection-token)
    connection-token  = token

Quotes are part of a token, and find_token() would be wrong to ignore them
w.r.t. Connection. 

For the other two: 

    If-Match = "If-Match" ":" ( "*" | 1#entity-tag )

    If-None-Match = "If-None-Match" ":" ( "*" | 1#entity-tag )

    entity-tag = [ weak ] opaque-tag

    weak       = "W/"
    opaque-tag = quoted-string

Quotes are required, and things just happen to work right now because
find_token() doesn't deal with quotes the way it looks like it tries to. 
If you look through meets_conditions() you'll see the etag used for
comparisons is quoted as well, so find_token

So I'll be removing that dead code from next_token. 

Dean

P.S. I haven't looked at the etag stuff in RFC2068, but I'm assuming that
since we do nothing with weak in meets_conditions() that it's only
required for proxying.
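
Added example, not part of the message above or of Apache's source: a small C program that keeps the separator set and skip loop quoted in the message, counts how often the quote branch runs, and shows that a quoted entity-tag comes back as a token with its quotes attached. The token-collection half, the names `demo_next_token` and `demo_find_token`, the `strcmp` comparison and the sample header value are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static const char *tspecials = " \t()<>@,;:\\/[]?={}"; /* as quoted: no '"' */
static int quote_branch_hits;      /* times the *cp == '"' branch runs */

static int is_sep(int c) { return iscntrl(c) || strchr(tspecials, c); }

/* Destructive. Skip loop mirrors the message; the rest is an assumption. */
static char *demo_next_token(char **toks)
{
    char *cp = *toks, *ret;
    while (*cp && is_sep((unsigned char)*cp)) {
        if (*cp == '"') {          /* unreachable: '"' fails is_sep() */
            ++quote_branch_hits;
            while (*cp && *cp != '"')
                ++cp;
        } else
            ++cp;
    }
    ret = cp;                      /* token runs up to the next separator */
    while (*cp && !is_sep((unsigned char)*cp))
        ++cp;
    if (*cp)
        *cp++ = '\0';
    *toks = cp;
    return *ret ? ret : NULL;      /* NULL once the line is exhausted */
}

/* Hypothetical helper: 1 if tok is one of the tokens in line. */
static int demo_find_token(const char *line, const char *tok)
{
    char buf[256], *p = buf, *t;
    snprintf(buf, sizeof buf, "%s", line);   /* tokenize a copy only */
    while ((t = demo_next_token(&p)) != NULL)
        if (strcmp(t, tok) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *hdr = "\"xyzzy\", W/\"r2d2\"";   /* constructed sample */
    int quoted = demo_find_token(hdr, "\"xyzzy\"");
    int bare = demo_find_token(hdr, "xyzzy");
    printf("quoted=%d bare=%d dead_hits=%d\n", quoted, bare, quote_branch_hits);
    return 0;
}
```

In this sketch `W/"r2d2"` splits into the tokens `W` and `"r2d2"`, because `/` is in the separator set.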

