Strip header whitespace. Fix #1890. Code by @matthewd (#2010)

* Strip header whitespace in C Fix #1890 Co-authored-by: Matthew Draper <matthew@trebex.net> * Add Java extension to do the same Co-authored-by: Charles Nutter <headius@headius.com> * Changelog
puma · Oct 7, 2019 · 22b135a · 22b135a
1 parent 2d46f0b
commit 22b135a
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 5 deletions.
diff --git a/History.md b/History.md
@@ -1,5 +1,5 @@
 * Features
-  * Your feature goes here (#Github Number)
+  * Strip whitespace at end of HTTP headers (#2010)
 
 * Bugfixes
   * Your bugfix goes here (#Github Number)

diff --git a/ext/puma_http11/org/jruby/puma/Http11.java b/ext/puma_http11/org/jruby/puma/Http11.java
@@ -87,7 +87,9 @@ public void call(Object data, int field, int flen, int value, int vlen) {
                 validateMaxLength(flen, MAX_FIELD_NAME_LENGTH, MAX_FIELD_NAME_LENGTH_ERR);
                 validateMaxLength(vlen, MAX_FIELD_VALUE_LENGTH, MAX_FIELD_VALUE_LENGTH_ERR);
 
-                ByteList b = new ByteList(Http11.this.hp.parser.buffer,field,flen);
+                ByteList buffer = Http11.this.hp.parser.buffer;
+
+                ByteList b = new ByteList(buffer,field,flen);
                 for(int i = 0,j = b.length();i<j;i++) {
                     if((b.get(i) & 0xFF) == '-') {
                         b.set(i, (byte)'_');
@@ -105,7 +107,9 @@ public void call(Object data, int field, int flen, int value, int vlen) {
                   f.cat(b);
                 }
 
-                b = new ByteList(Http11.this.hp.parser.buffer, value, vlen);
+                while (vlen > 0 && Character.isWhitespace(buffer.get(value + vlen - 1))) vlen--;
+
+                b = new ByteList(buffer, value, vlen);
                 v = req.op_aref(req.getRuntime().getCurrentContext(), f);
                 if (v.isNil()) {
                     req.op_aset(req.getRuntime().getCurrentContext(), f, RubyString.newString(runtime, b));

diff --git a/ext/puma_http11/puma_http11.c b/ext/puma_http11/puma_http11.c
@@ -200,6 +200,8 @@ void http_field(puma_parser* hp, const char *field, size_t flen,
     f = rb_str_new(hp->buf, new_size);
   }
 
+  while (vlen > 0 && isspace(value[vlen - 1])) vlen--;
+
   /* check for duplicate header */
   v = rb_hash_aref(hp->request, f);
 

diff --git a/test/test_http11.rb b/test/test_http11.rb
@@ -199,9 +199,7 @@ def test_horrible_queries
     end
   end
 
-  # https://github.com/puma/puma/issues/1890
   def test_trims_whitespace_from_headers
-    skip("Known failure, see issue 1890 on GitHub")
     parser = Puma::HttpParser.new
     req = {}
     http = "GET / HTTP/1.1\r\nX-Strip-Me: Strip This       \r\n\r\n"