| Subject: | [PATCH] HTTP::Message->parse works with strings without empty line between headers and body |
Hello,
I was very surprised by the fact, that there is no difference for HTTP::Message->parse between strings "Header: value\nbody" and "Header: value\n\nbody". The first one seems to be invalid, but it is parsed the same way as the second. This can lead to the problems when we parse buggy application output, because module don't see these bug, but real webserver see it.
I suggest the patch for the library and it's test file. As you understand, it can broke applications that rely on old behaviour, that is very very old, so it is not safe. What do you think about it?
| Subject: | HTTP-Message.patch |
diff --color -uNr HTTP-Message-6.11/lib/HTTP/Message.pm HTTP-Message-new/lib/HTTP/Message.pm
--- HTTP-Message-6.11/lib/HTTP/Message.pm 2015-09-09 23:34:32.000000000 +0300
+++ HTTP-Message-new/lib/HTTP/Message.pm 2016-12-29 17:06:44.072875100 +0300
@@ -72,7 +72,8 @@
$hdr[-1] =~ s/\r\z//;
}
else {
- $str =~ s/^\r?\n//;
+ my $newline = $str =~ s/^\r?\n//;
+ die "Can't parse message: missing empty line before body" if length $str && !$newline && @hdr;
last;
}
}
diff --color -uNr HTTP-Message-6.11/t/message.t HTTP-Message-new/t/message.t
--- HTTP-Message-6.11/t/message.t 2016-12-29 15:56:22.547641100 +0300
+++ HTTP-Message-new/t/message.t 2016-12-29 17:05:29.622320900 +0300
@@ -3,7 +3,7 @@
use Test::More;
-plan tests => 129;
+plan tests => 131;
require HTTP::Message;
use Config qw(%Config);
@@ -107,6 +107,9 @@
$m = HTTP::Message->parse("\nfoo: bar\n");
is($m->as_string, "\nfoo: bar\n");
+ok(!eval { HTTP::Message->parse("invalid: request\nmissing empty line before body") });
+like($@, qr/^Can't parse message: missing empty line before body/);
+
$m = HTTP::Message->new([a => 1, b => 2], "abc");
is($m->content("foo\n"), "abc");
is($m->content, "foo\n");