summaryrefslogtreecommitdiff
path: root/core/io
diff options
context:
space:
mode:
authorMax Hilbrunner <m.hilbrunner@gmail.com>2022-01-14 03:22:23 +0100
committerMax Hilbrunner <m.hilbrunner@gmail.com>2022-01-27 03:22:37 +0100
commit3ef5a975054834466107ed8598352e5315a3a191 (patch)
treef403038c3f16025e84e2613104eee96ff9b42528 /core/io
parent3a83872d261790ed20fdc626eb0de9f515f04f88 (diff)
Verify custom HTTP headers, fix off by one error
Diffstat (limited to 'core/io')
-rw-r--r--core/io/http_client.cpp11
-rw-r--r--core/io/http_client.h1
-rw-r--r--core/io/http_client_tcp.cpp5
3 files changed, 17 insertions, 0 deletions
diff --git a/core/io/http_client.cpp b/core/io/http_client.cpp
index 4d0747c591..52b1120b2a 100644
--- a/core/io/http_client.cpp
+++ b/core/io/http_client.cpp
@@ -96,6 +96,17 @@ String HTTPClient::query_string_from_dict(const Dictionary &p_dict) {
return query.substr(1);
}
+Error HTTPClient::verify_headers(const Vector<String> &p_headers) {
+ for (int i = 0; i < p_headers.size(); i++) {
+ String sanitized = p_headers[i].strip_edges();
+ ERR_FAIL_COND_V_MSG(sanitized.is_empty(), ERR_INVALID_PARAMETER, "Invalid HTTP header at index " + itos(i) + ": empty.");
+ ERR_FAIL_COND_V_MSG(sanitized.find(":") < 1, ERR_INVALID_PARAMETER,
+ "Invalid HTTP header at index " + itos(i) + ": String must contain header-value pair, delimited by ':', but was: " + p_headers[i]);
+ }
+
+ return OK;
+}
+
Dictionary HTTPClient::_get_response_headers_as_dictionary() {
List<String> rh;
get_response_headers(&rh);
diff --git a/core/io/http_client.h b/core/io/http_client.h
index 90c859d685..de6045f647 100644
--- a/core/io/http_client.h
+++ b/core/io/http_client.h
@@ -165,6 +165,7 @@ public:
static HTTPClient *create();
String query_string_from_dict(const Dictionary &p_dict);
+ Error verify_headers(const Vector<String> &p_headers);
virtual Error request(Method p_method, const String &p_url, const Vector<String> &p_headers, const uint8_t *p_body, int p_body_size) = 0;
virtual Error connect_to_host(const String &p_host, int p_port = -1, bool p_ssl = false, bool p_verify_host = true) = 0;
diff --git a/core/io/http_client_tcp.cpp b/core/io/http_client_tcp.cpp
index 7865e297c7..24ec35fa3d 100644
--- a/core/io/http_client_tcp.cpp
+++ b/core/io/http_client_tcp.cpp
@@ -146,6 +146,11 @@ Error HTTPClientTCP::request(Method p_method, const String &p_url, const Vector<
ERR_FAIL_COND_V(status != STATUS_CONNECTED, ERR_INVALID_PARAMETER);
ERR_FAIL_COND_V(connection.is_null(), ERR_INVALID_DATA);
+ Error err = verify_headers(p_headers);
+ if (err) {
+ return err;
+ }
+
String uri = p_url;
if (!ssl && http_proxy_port != -1) {
uri = vformat("http://%s:%d%s", conn_host, conn_port, p_url);