989fdadfe2
Using strncasecmp to match HTTP headers can give unexpected results when
the strings to be compared match up until the end of one string, but the
other string contains additional characters. This can result in falsely
matching a HTTP header value, for example:
strncasecmp("Upgrade-Something", "Upgrade", sizeof("Upgrade") - 1) --> 0
In this case we know that both strings are NULL terminated since one is
a string literal and we have just length-checked and explicitly NULL
terminated the other. So we can just use strcasecmp without a max
length.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
|
||
|---|---|---|
| .. | ||
| headers | ||
| CMakeLists.txt | ||
| http_client.c | ||
| http_hpack.c | ||
| http_huffman.c | ||
| http_parser_url.c | ||
| http_parser.c | ||
| http_server_core.c | ||
| http_server_http1.c | ||
| http_server_http2.c | ||
| http_server_ws.c | ||
| iterables.ld | ||
| Kconfig | ||
| README_http_parser | ||