From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1n7mWV-0003Rx-Iy
	for mharc-grub-devel@gnu.org; Wed, 12 Jan 2022 17:55:19 -0500
Received: from eggs.gnu.org ([209.51.188.92]:41356)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <jamofer@gmail.com>) id 1n7mWS-0003Rh-SR
 for grub-devel@gnu.org; Wed, 12 Jan 2022 17:55:17 -0500
Received: from [2607:f8b0:4864:20::d33] (port=47081
 helo=mail-io1-xd33.google.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <jamofer@gmail.com>) id 1n7mWR-0007eA-3t
 for grub-devel@gnu.org; Wed, 12 Jan 2022 17:55:16 -0500
Received: by mail-io1-xd33.google.com with SMTP id w9so5792470iol.13
 for <grub-devel@gnu.org>; Wed, 12 Jan 2022 14:55:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:from:date:message-id:subject:to;
 bh=HygBpDBx8voPEp0V2ouRYSzRj4XacQTHsQwKZ85JeiM=;
 b=WeOUeqDokOoQyOuEi2tjBzAzyZh15bbgjrSlQgLgDCRImvwvqXvEoZb/IjjAREXQJJ
 FFz0HSYkTfOnwyf78+TCKCsYe0ZFgdLWUqSlG8m2FMS+b54qK97/owwMyNSsAWl+vBWe
 tPIFQpHXFvTlawom0mMk/CT+zOiCIZDtECeRK2w9kr37idLewCt0ZjJffQJR8Fb1hsj/
 mgeB+wWmrDqVOfyvZlO5LyMwGUNTnQxHUId6INArZShFSsvsfVetcmgyaPZkwbLLoO0Q
 ZhZlN53QWZN6fYzARvXU4cIftZIH8e7ZsthGPQ1X1N7pMU0rveu4b6w2Tna1jYWvcTS2
 1CBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=HygBpDBx8voPEp0V2ouRYSzRj4XacQTHsQwKZ85JeiM=;
 b=FFbZGGNeSGAtALodsdMBKPcJVBCRMiOuSUZs6vynMyg+kwccaw1uYPjQdf44KoCrpZ
 m+95rAS0eCwrg3QqIcevyFQ7biMerPzbaQB9ZVTP18IHoqD/M8XrYhSrBojK32+rbiO/
 pzUp82kEMTii+XpNPtbHAu/Ij8SZlCIYCAaPDtASPpSzq10Gjn8vg1aJOuklzf41jR7g
 1ACR2cXoun94R1MEleohPvui8X+NmaRmuWgXLbbm5SsS+lPevXvAnFYIMlU20TpgdoR2
 VNpTH7Zy9OoOj93kkB+x9rDsxouBM4fL3wRbvm1GxHHk5Dlo9tAMpGMUkQRh3TPuXQJ2
 V5LQ==
X-Gm-Message-State: AOAM530/lWfCLJpkVjDUeRk9Z7mIse5sG+TEabjapEq1kYU3SSubAC3n
 XLubA2UE/pUIXK6veM8T32ivPaMwUktv7KCXQd9eZJsuREI=
X-Google-Smtp-Source: ABdhPJyZ3GolfvX2BPQ2yLlJUtYLfgqt+4YFaFUGRdBP9ZyN/KHWjGvGUeaBzdHP3ESaAEk39Q8tHee6z8J0LoXUu3s=
X-Received: by 2002:a05:6638:348c:: with SMTP id
 t12mr866576jal.269.1642028109136; 
 Wed, 12 Jan 2022 14:55:09 -0800 (PST)
MIME-Version: 1.0
From: Javier Moragon <jamofer@gmail.com>
Date: Wed, 12 Jan 2022 23:54:58 +0100
Message-ID: <CAO3k2X2tye+p6edt=ZKDy97R105h5Kyh2gsT3uOqiaiUuPuGhA@mail.gmail.com>
Subject: [PATCH] http module is not checking correctly HTTP headers
To: grub-devel@gnu.org
Content-Type: text/plain; charset="UTF-8"
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::d33
 (failed)
Received-SPF: pass client-ip=2607:f8b0:4864:20::d33;
 envelope-from=jamofer@gmail.com; helo=mail-io1-xd33.google.com
X-Spam_score_int: -12
X-Spam_score: -1.3
X-Spam_bar: -
X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2022 22:55:18 -0000

According to https://www.ietf.org/rfc/rfc2616.txt 4.2, header names
shall be case insensitive and we are now forced to read headers like
`Content-Length` capitalized.

The problem with that is when a HTTP server responds with a
`content-length` header in lowercase GRUB gets stuck because HTTP
module doesn't know the length of the transmision and the call never
ends. I've been able to reproduce it and after ignoring the text case
it worked perfectly.

Here is it my patch proposal:

diff --git a/grub-core/net/http.c b/grub-core/net/http.c
index b616cf40b..570fa3934 100644
--- a/grub-core/net/http.c
+++ b/grub-core/net/http.c
@@ -130,7 +130,7 @@ parse_line (grub_file_t file, http_data_t data,
char *ptr, grub_size_t len)
       data->first_line_recv = 1;
       return GRUB_ERR_NONE;
     }
-  if (grub_memcmp (ptr, "Content-Length: ", sizeof ("Content-Length: ") - 1)
+  if (grub_strncasecmp (ptr, "Content-Length: ", grub_strlen
("Content-Length: ") )
       == 0 && !data->size_recv)
     {
       ptr += sizeof ("Content-Length: ") - 1;
@@ -138,8 +138,8 @@ parse_line (grub_file_t file, http_data_t data,
char *ptr, grub_size_t len)
       data->size_recv = 1;
       return GRUB_ERR_NONE;
     }
-  if (grub_memcmp (ptr, "Transfer-Encoding: chunked",
-    sizeof ("Transfer-Encoding: chunked") - 1) == 0)
+  if (grub_strncasecmp (ptr, "Transfer-Encoding: chunked",
+    grub_strlen ("Transfer-Encoding: chunked") ) == 0)
     {
       data->chunked = 1;
       return GRUB_ERR_NONE;