From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1n88OX-000571-Di
	for mharc-grub-devel@gnu.org; Thu, 13 Jan 2022 17:16:33 -0500
Received: from eggs.gnu.org ([209.51.188.92]:38826)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jamofer@gmail.com>) id 1n88OG-0004yR-VK
 for grub-devel@gnu.org; Thu, 13 Jan 2022 17:16:20 -0500
Received: from [2607:f8b0:4864:20::d32] (port=33597
 helo=mail-io1-xd32.google.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <jamofer@gmail.com>) id 1n88NF-0003zJ-Ik
 for grub-devel@gnu.org; Thu, 13 Jan 2022 17:15:35 -0500
Received: by mail-io1-xd32.google.com with SMTP id f24so4380871ioc.0
 for <grub-devel@gnu.org>; Thu, 13 Jan 2022 14:15:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=wA0CL5atcIjTQQLsYgXc36CXEf6Ohl/ymFX3Ap2F4zw=;
 b=Mzo1bACmmglw92+mKeKhpCKxutAzQLY1+hnd5if3w4zjkcIo0VJEv9ADcud6yzv5Q6
 KzCUCFzqyl2Jp8Oh2sVOa2yMDE5jKpT3G7isDp+bVjf6oouxDXUg97spBgAUv8zn6sem
 j81+Cz5L9qLghNDUd9d4zHIms18wQzEellzO7zo3eU1WP6TdctGgMOjowsuw/e2DG/z0
 45Hu2zSZyKKcLVc76U2ubkjSqwVXVFtvqP0vU0YkcYDrKUyLNx1T1kZfG5jGiJGaFZVi
 +X46QG8eCPjhGACSjFfntL2OuT55Zg2xjXr16Ml/SpQBWNvR/A4D51FrBDbbLpZ9QcSw
 R+SQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=wA0CL5atcIjTQQLsYgXc36CXEf6Ohl/ymFX3Ap2F4zw=;
 b=jfFckL/YlsuuMb3EpYF36mw/bQFkbBWDMrBk6eQvY6DcBuuf1CfsHiqGFy7+915vFM
 M6DuK3bD90mB33uqF+HdqnFQZsIwTKfRFoZqC6dhoxEpl9LcuXvCr/Q385q92irv71ld
 /ScVNtpbNilIY1AP2Jb462lzDC0WMhk90DqxqZXxQ4x1cMQokSGne7Atfio7+8Q7zYVm
 3q2SsMu1MQEMKNlrBl3Z7EOc59G4vcl5IfeayU9zesuV5APuwFCylcuLs3quw8n7eCVH
 qQLuofxUDZ34mQncj63SE8mBIn5JMSAM8kHVXgLI9uYweEt/BmmmjkeePpeSGJ+H+SYA
 8xdQ==
X-Gm-Message-State: AOAM530Q+1LsNspr6Ue7jO41YPBWMGp5aNvZ3CPuC4BB/4O+lmhNV6ka
 3rdEHR2x7t7p+gxH95mEN0jXbZCB4PiYqZlDeuj3hr7wRfv4Mg==
X-Google-Smtp-Source: ABdhPJwWELBuAYZTc5Vjfu88MiW8PJBhKsKGW/9FqDaVeyHQnOP+vQuI1zroIQVv1+B4d6wbaa60WhlNg7xUc8VNAAQ=
X-Received: by 2002:a5e:9905:: with SMTP id t5mr3043578ioj.16.1642112105167;
 Thu, 13 Jan 2022 14:15:05 -0800 (PST)
MIME-Version: 1.0
References: <CAO3k2X2tye+p6edt=ZKDy97R105h5Kyh2gsT3uOqiaiUuPuGhA@mail.gmail.com>
 <20220112220823.5e512f99@crass-HP-ZBook-15-G2>
In-Reply-To: <20220112220823.5e512f99@crass-HP-ZBook-15-G2>
From: Javier Moragon <jamofer@gmail.com>
Date: Thu, 13 Jan 2022 23:14:54 +0100
Message-ID: <CAO3k2X1E2Zistzt7HTBTQL7kbdSUqfUhPuKL2Zoj1BZvA8cK7Q@mail.gmail.com>
Subject: Re: [PATCH] http module is not checking correctly HTTP headers
To: development@efficientek.com
Cc: The development of GNU GRUB <grub-devel@gnu.org>
Content-Type: multipart/mixed; boundary="000000000000b5d73e05d57e041c"
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::d32
 (failed)
Received-SPF: pass client-ip=2607:f8b0:4864:20::d32;
 envelope-from=jamofer@gmail.com; helo=mail-io1-xd32.google.com
X-Spam_score_int: -12
X-Spam_score: -1.3
X-Spam_bar: -
X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jan 2022 22:16:21 -0000

--000000000000b5d73e05d57e041c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I'm sorry, it's my first time using a mailing list for publishing
patches so I sent you the message directly instead of to grub-devel
and my mail client wrapped the patch lines. I attached the patch
Instead of pasting the diff, I hope this time the lines don't get
wrapped.

El jue, 13 ene 2022 a las 5:08, Glenn Washburn
(<development@efficientek.com>) escribi=C3=B3:
>
> On Wed, 12 Jan 2022 23:54:58 +0100
> Javier Moragon <jamofer@gmail.com> wrote:
>
> > According to https://www.ietf.org/rfc/rfc2616.txt 4.2, header names
> > shall be case insensitive and we are now forced to read headers like
> > `Content-Length` capitalized.
> >
> > The problem with that is when a HTTP server responds with a
> > `content-length` header in lowercase GRUB gets stuck because HTTP
> > module doesn't know the length of the transmision and the call never
> > ends. I've been able to reproduce it and after ignoring the text case
> > it worked perfectly.
> >
> > Here is it my patch proposal:
> >
> > diff --git a/grub-core/net/http.c b/grub-core/net/http.c
> > index b616cf40b..570fa3934 100644
> > --- a/grub-core/net/http.c
> > +++ b/grub-core/net/http.c
> > @@ -130,7 +130,7 @@ parse_line (grub_file_t file, http_data_t data,
> > char *ptr, grub_size_t len)
> >        data->first_line_recv =3D 1;
> >        return GRUB_ERR_NONE;
> >      }
> > -  if (grub_memcmp (ptr, "Content-Length: ", sizeof ("Content-Length: "=
) - 1)
> > +  if (grub_strncasecmp (ptr, "Content-Length: ", grub_strlen
> > ("Content-Length: ") )
>
> I don't think there should be a new line here. And why change to
> grub_strlen? Now the length is calculated everytime at runtime instead
> of once at compile time.
>
> >        =3D=3D 0 && !data->size_recv)
> >      {
> >        ptr +=3D sizeof ("Content-Length: ") - 1;
> > @@ -138,8 +138,8 @@ parse_line (grub_file_t file, http_data_t data,
> > char *ptr, grub_size_t len)
> >        data->size_recv =3D 1;
> >        return GRUB_ERR_NONE;
> >      }
> > -  if (grub_memcmp (ptr, "Transfer-Encoding: chunked",
> > -    sizeof ("Transfer-Encoding: chunked") - 1) =3D=3D 0)
> > +  if (grub_strncasecmp (ptr, "Transfer-Encoding: chunked",
> > +    grub_strlen ("Transfer-Encoding: chunked") ) =3D=3D 0)
>
> Ditto on the grub_strlen. I also don't like the original indentation of
> this line and think that it should align with "ptr".
>
> >      {
> >        data->chunked =3D 1;
> >        return GRUB_ERR_NONE;
>
> Otherwise, it seems like good patch.
>
> Glenn
>

--000000000000b5d73e05d57e041c
Content-Type: application/x-patch; name="patch.patch"
Content-Disposition: attachment; filename="patch.patch"
Content-Transfer-Encoding: base64
Content-ID: <f_kydj1ht30>
X-Attachment-Id: f_kydj1ht30

ZGlmZiAtLWdpdCBhL2dydWItY29yZS9uZXQvaHR0cC5jIGIvZ3J1Yi1jb3JlL25ldC9odHRwLmMK
aW5kZXggYjYxNmNmNDBiLi5mMWJlOWY3ODQgMTAwNjQ0Ci0tLSBhL2dydWItY29yZS9uZXQvaHR0
cC5jCisrKyBiL2dydWItY29yZS9uZXQvaHR0cC5jCkBAIC0xMzAsNyArMTMwLDcgQEAgcGFyc2Vf
bGluZSAoZ3J1Yl9maWxlX3QgZmlsZSwgaHR0cF9kYXRhX3QgZGF0YSwgY2hhciAqcHRyLCBncnVi
X3NpemVfdCBsZW4pCiAgICAgICBkYXRhLT5maXJzdF9saW5lX3JlY3YgPSAxOwogICAgICAgcmV0
dXJuIEdSVUJfRVJSX05PTkU7CiAgICAgfQotICBpZiAoZ3J1Yl9tZW1jbXAgKHB0ciwgIkNvbnRl
bnQtTGVuZ3RoOiAiLCBzaXplb2YgKCJDb250ZW50LUxlbmd0aDogIikgLSAxKQorICBpZiAoZ3J1
Yl9zdHJuY2FzZWNtcCAocHRyLCAiQ29udGVudC1MZW5ndGg6ICIsIHNpemVvZiAoIkNvbnRlbnQt
TGVuZ3RoOiAiKSAtIDEpCiAgICAgICA9PSAwICYmICFkYXRhLT5zaXplX3JlY3YpCiAgICAgewog
ICAgICAgcHRyICs9IHNpemVvZiAoIkNvbnRlbnQtTGVuZ3RoOiAiKSAtIDE7CkBAIC0xMzgsOCAr
MTM4LDggQEAgcGFyc2VfbGluZSAoZ3J1Yl9maWxlX3QgZmlsZSwgaHR0cF9kYXRhX3QgZGF0YSwg
Y2hhciAqcHRyLCBncnViX3NpemVfdCBsZW4pCiAgICAgICBkYXRhLT5zaXplX3JlY3YgPSAxOwog
ICAgICAgcmV0dXJuIEdSVUJfRVJSX05PTkU7CiAgICAgfQotICBpZiAoZ3J1Yl9tZW1jbXAgKHB0
ciwgIlRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkIiwKLQkJICAgc2l6ZW9mICgiVHJhbnNmZXIt
RW5jb2Rpbmc6IGNodW5rZWQiKSAtIDEpID09IDApCisgIGlmIChncnViX3N0cm5jYXNlY21wIChw
dHIsICJUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZCIsCisgICAgICBzaXplb2YgKCJUcmFuc2Zl
ci1FbmNvZGluZzogY2h1bmtlZCIpIC0gMSkgPT0gMCkKICAgICB7CiAgICAgICBkYXRhLT5jaHVu
a2VkID0gMTsKICAgICAgIHJldHVybiBHUlVCX0VSUl9OT05FOwo=
--000000000000b5d73e05d57e041c--