[AWS] Minor bug in src/core/aws-headers-set.adb

Riccardo Bernardini riccardo.bernardini at uniud.it
Sat Oct 8 12:43:09 CEST 2011

Previous message: [AWS] Changing AWS in an RTSP server
Next message: [AWS] Minor bug in src/core/aws-headers-set.adb
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear all,
I think I found a minor bug in the header parsing routine in  
src/core/aws-headers-set.adb.  The bug is really a minor one, mostly  
harmless and almost impossible to trigger, if not on purpose.  Anyway,  
if you look at lines 106-121 in the above mentioned file you'll see

=========== BEGIN
             --  Put name and value to the container separately

              Delimiter_Index := Fixed.Index (Line, ":");

               if Delimiter_Index = 0 then  -- <<==== BUG?
                  --  No delimiter, this is not a valid Header Line

                  raise Format_Error with Line;
               end if;

               Add (Headers,
                    Name  => Line (Line'First .. Delimiter_Index - 1),
                    Value => Fixed.Trim
                               (Line (Delimiter_Index + 1 .. Line'Last),
                                Side => Both));
=========== END

where Line is the line to be parsed.  The above code accepts a line  
with empty header name such as ": some value," but this is not  
coherent with RFC 2616 that requires the header name to be a "token"  
that is defined (on page 17) as a non-empty sequence of a restricted  
set of characters.  In order to avoid this, one could replace the test  
above

     Delimiter_Index = 0

with

     Delimiter_Index = 0 or else Delimiter_Index = Line'First

or, alternatively,

     Delimiter_Index <= Line'First

Moreover, if one wants to be really finicky, even with the suggested  
correction, the code would accept header lines like

     "Really (funny)@{header}: some value"

that are not acceptable according to RFC 2616 since "token"s cannot  
include characters like parenthesis, spaces, @, ...  In order to catch  
this type of header lines one should use something like

========= BEGIN
                   Delimiter_Index := Fixed.Index (Source => Line,
                                                   Set    => RFC2616_Token_Set,
                                                   Test   => Outside);

                   if Delimiter_Index = 0 -- No delimiter
                      or else
                         Delimiter_Index = Line'First -- Empty name
                         or else
                            Line (Delimiter_Index) /= ':'
                   then
                      --  If we are here, this is not a valid Header Line

                      raise Format_Error with Line;
                   end if;
======== END

where RFC2616_Token_Set is defined as follows

======= BEGIN
    Printable_Set : constant Maps.Character_Set := Maps.To_Set
       (Maps.Character_Range'(Low  => ' ',
                              High => Character'Val (127)));

    RFC2616_Separator_Set : constant Maps.Character_Set := Maps.To_Set
       (" ()<>@,;:\""/[]?=" & Latin_1.HT);

    RFC2616_Token_Set     : constant Maps.Character_Set :=
                              Printable_Set - RFC2616_Separator_Set;
======= END

Hope this helps.

Riccardo
-- 
Riccardo Bernardini
DIEGM -- University of Udine
via delle Scienze 208
33100 Udine
Tel: +39-0432-55-8271
Fax: +39-0432-55-8251

----------------------------------------------------------------------
SEMEL (SErvizio di Messaging ELettronico) - AINF, Universita' di Udine

Previous message: [AWS] Changing AWS in an RTSP server
Next message: [AWS] Minor bug in src/core/aws-headers-set.adb
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the AWS mailing list