Some issues in the HTTP parser (and suggestions)

Iñaki Baz Castillo ibc at aliax.net
Fri May 7 09:51:18 EDT 2010


Hi, by inspecting the Ragel grammar of the HTTP parser (coming from
Mongrel) I've realized of some possible issues and bugs:


hostname = (alnum | "-" | "." | "_")+;

- It doesn't allow IPv6. This is important IMHO.
- It allows "_" which is an invalid symbol (not valid for a domain).

I suggest:
  hostname = (alnum | "-" | "." | "[" | "]" | ":")+;

------------------

host_with_port = (hostname (":" digit*)?) >mark %host;

- It allows something ugly as "mydomain.org:"

I suggest:
  host_with_port = (hostname (":" digit{1,5})?) >mark %host;

------------------

message_header = ((field_name ":" " "* field_value)|value_cont) :> CRLF;

- It doesn't allow valid spaces before ":" as:
     Host : mydomain.org

- Tabulators are also allowed.

I suggest:
  message_header = ((field_name [ \t]* ":" [ \t]*
field_value)|value_cont) :> CRLF;



Regards.



-- 
Iñaki Baz Castillo
<ibc at aliax.net>


More information about the mongrel-unicorn mailing list