From 79408870680c7d9fa623b2b8022308aed9956038 Mon Sep 17 00:00:00 2001 From: Javier Sánchez Parra Date: Tue, 13 Jul 2021 13:03:10 +0200 Subject: #1000 Fix HTTP request header length parsing OgClient miscalculates the body size of the request. ogServer delimits HTTP headers with "\r\n\r\n" to comply with RFC 2616. But ogClient searches for the first "\r\n" delimiter, hence, ogClient stops at the first HTTP header field instead of at the end of the header. Hence, it incorrectly assumes the body starts after the first "\r\n". This commit updates ogClient to search for the "\r\n\r\n" delimiter. Example: POST /shell/run HTTP/1.1\r\n <-- ogClient considers body starts here (WRONG!) Content-Length: 952\r\n Content-Type: application/json\r\n \r\n <-- Here is where the body starts {"json-body":...} --- src/ogClient.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/ogClient.py') diff --git a/src/ogClient.py b/src/ogClient.py index 3162456..fe4e591 100644 --- a/src/ogClient.py +++ b/src/ogClient.py @@ -104,7 +104,7 @@ class ogClient: request = restRequest() if not self.trailer: - header_len = self.data.find("\r\n") + header_len = self.data.find("\r\n\r\n") if header_len > 0: # https://stackoverflow.com/questions/4685217/parse-raw-http-headers request_line, headers_alone = self.data.split('\n', 1) @@ -114,8 +114,9 @@ class ogClient: self.content_len = int(headers['Content-Length']) self.trailer = True - # Add 2 because self.data.find("\r\n") does not count "\r\n" for the length - self.header_len = header_len + 2 + # Add 4 because self.data.find("\r\n\r\n") does not count + # "\r\n\r\n" for the length + self.header_len = header_len + 4 if self.trailer and (len(self.data) >= self.content_len + self.header_len): request.parser(self.data) -- cgit v1.2.3-18-g5258