xref: /aosp_15_r20/external/libwebsockets/READMEs/README.http_parser.md (revision 1c60b9aca93fdbc9b5f19b2d2194c91294b22281)
1*1c60b9acSAndroid Build Coastguard Worker# Notes on http parser corner cases
2*1c60b9acSAndroid Build Coastguard Worker
3*1c60b9acSAndroid Build Coastguard Worker## Dealing with %00
4*1c60b9acSAndroid Build Coastguard Worker
5*1c60b9acSAndroid Build Coastguard Worker%00 is considered illegal in
6*1c60b9acSAndroid Build Coastguard Worker
7*1c60b9acSAndroid Build Coastguard Worker - the path part of the URL.  A lot of user code handles it as a NUL terminated string,
8*1c60b9acSAndroid Build Coastguard Worker   even though the header get apis are based around length.  So it is disallowed to
9*1c60b9acSAndroid Build Coastguard Worker   avoid ambiguity.
10*1c60b9acSAndroid Build Coastguard Worker
11*1c60b9acSAndroid Build Coastguard Worker - the name part of a urlarg, like ?name=value
12*1c60b9acSAndroid Build Coastguard Worker
13*1c60b9acSAndroid Build Coastguard Worker%00 is valid in
14*1c60b9acSAndroid Build Coastguard Worker
15*1c60b9acSAndroid Build Coastguard Worker - the value part of a urlarg, like ?name=value
16*1c60b9acSAndroid Build Coastguard Worker
17*1c60b9acSAndroid Build Coastguard WorkerWhen the parser sees %00 where it is not allowed, it simply drops the connection.
18*1c60b9acSAndroid Build Coastguard Worker
19*1c60b9acSAndroid Build Coastguard Worker## Note on proper urlarg handling
20*1c60b9acSAndroid Build Coastguard Worker
21*1c60b9acSAndroid Build Coastguard Workerurlargs are allowed to contain non-NUL terminated binary.  So it is important to
22*1c60b9acSAndroid Build Coastguard Workeruse the length-based urlarg apis
23*1c60b9acSAndroid Build Coastguard Worker
24*1c60b9acSAndroid Build Coastguard Worker - `lws_hdr_copy_fragment()`
25*1c60b9acSAndroid Build Coastguard Worker - `lws_get_urlarg_by_name_safe()`
26*1c60b9acSAndroid Build Coastguard Worker
27*1c60b9acSAndroid Build Coastguard WorkerThe non-length based urlarg api
28*1c60b9acSAndroid Build Coastguard Worker
29*1c60b9acSAndroid Build Coastguard Worker - `lws_get_urlarg_by_name()`
30*1c60b9acSAndroid Build Coastguard Worker
31*1c60b9acSAndroid Build Coastguard Worker...is soft-deprecated, it's still allowed but it will be fooled by the first %00
32*1c60b9acSAndroid Build Coastguard Workerseen in the argument into truncating the argument.  Use `lws_get_urlarg_by_name_safe()`
33*1c60b9acSAndroid Build Coastguard Workerinstead.
34