Bug #10970
OPTIONS * request generates assert
Start date:
09/24/2022
Due date:
% Done:
100%
Estimated time:
Description
Issuing the following (valid) http request:
OPTIONS * HTTP/1.1
triggers the following assert
assert(path.empty() || path[0] == '/');
due to path being *.
Not sure if this is just an assert issue, or that the * is indeed not handled correctly for OPTIONS requests.
Files
Updated by Roel Standaert 6 months ago
- Status changed from New to InProgress
- Assignee set to Roel Standaert
- Target version set to 4.9.0
Updated by Roel Standaert 6 months ago
- File 0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch 0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch added
- Status changed from InProgress to Review
- Assignee changed from Roel Standaert to Korneel Dumon
It appears that the easiest way to fix this is to disallow those kinds of requests. The patch (attached) is currently in review.
Updated by Roel Standaert 6 months ago
- Status changed from Review to Implemented @Emweb
- Assignee changed from Korneel Dumon to Roel Standaert
- % Done changed from 0 to 100