From 9ea941359caa3a38f39453c52e02a03e660f0840 Mon Sep 17 00:00:00 2001 From: cel Date: Tue, 6 Oct 2020 10:23:37 -0400 Subject: [PATCH] Check request method type --- zet.dpi.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/zet.dpi.c b/zet.dpi.c index 903d826..c09ba4f 100644 --- a/zet.dpi.c +++ b/zet.dpi.c @@ -37,8 +37,15 @@ static char server_hostname[256]; static char server_url[256]; static char zet_dir[_POSIX_PATH_MAX-64]; +enum http_method { + HTTP_METHOD_GET, + HTTP_METHOD_HEAD, + HTTP_METHOD_POST, + HTTP_METHOD_OTHER +}; + struct http_request { - char *method; + enum http_method method; char *path; char *query; char *hash; @@ -1112,6 +1119,13 @@ static int http_serve_zet(struct http_request *req) { return 0; } +enum http_method parse_method(const char *method) { + if (!strcasecmp(method, "GET")) return HTTP_METHOD_GET; + if (!strcasecmp(method, "HEAD")) return HTTP_METHOD_HEAD; + if (!strcasecmp(method, "POST")) return HTTP_METHOD_POST; + return HTTP_METHOD_OTHER; +} + static int handle_http_client(int fd, int firstchar) { int rc; struct http_request req; @@ -1124,10 +1138,10 @@ static int handle_http_client(int fd, int firstchar) { if (rc < 0) { close(fd); return 0; } char *nextline = next_line(buf); - req.method = buf; req.path = strchr(buf, ' '); if (req.path == NULL) { close(fd); return 0; } *req.path++ = '\0'; + req.method = parse_method(buf); req.http_version = strchr(req.path, ' '); if (req.http_version != NULL) *req.http_version++ = '\0'; @@ -1185,6 +1199,15 @@ static int handle_http_client(int fd, int firstchar) { return 0; } + if (req.method != HTTP_METHOD_POST) { + write_buf(fd, "HTTP/1.0 405 Method Not Allowed\r\n" + "Content-Type: text/plain\r\n" + "Connection: close\r\n\r\n" + "Expected POST request"); + close(fd); + return 0; + } + ptrdiff_t offset = nextline - buf; req.data = nextline; req.full_data = NULL;