Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix method parsing #190

Merged
merged 1 commit into from
Oct 29, 2024
Merged

Fix method parsing #190

merged 1 commit into from
Oct 29, 2024

Conversation

jeddenlea
Copy link
Contributor

The is_token function, used exclusively for parsing the method in a request line, allows more values than it should. In particular, it allows a leading space to be parsed. This problem is not exposed in hyper, which revalidates any method extracted by httparse, otherwise I'm sure this would have been noticed sooner!

Checking for a single range of valid bytes is very fast, so I've taken care to make sure that making is_token more complicated doesn't slow down the most common case. While exploring a variety of options, I found the existing benchmark scheme to be a bit misleading because it would test only a single method at a time, so I've made a new benchmark that roughly simulates a mix of requests. Ultimately, what I found to be a reasonable fix without any slowdown for the 99.9999% case is to check b'A'..=b'Z' and then fall back to a "byte map".

Both methods and header names have the same set of allowed bytes, a "token", but their uses are slightly different. I thought it would make sense to rename is_token to is_method_token, to mimic is_header_name_token.

The `is_token` function, used exclusively for parsing the method in
a request line, allows more values than it should. In particular, it
allows a leading space to be parsed.  This problem is not exposed in
hyper, which revalidates any method extracted by httparse, otherwise
I'm sure this would have been noticed sooner!

Checking for a single range of valid bytes is very fast, so I've taken
care to make sure that making `is_token` more complicated doesn't
slow down the most common case.  While exploring a variety of options,
I found the existing benchmark scheme to be a bit misleading because
it would test only a single method at a time, so I've made a new
benchmark that roughly simulates a mix of requests.  Ultimately, what
I found to be a reasonable fix without any slowdown for the 99.9999%
case is to check `b'A'..=b'Z'` and then fall back to a "byte map".

Both methods and header names have the same set of allowed bytes, a
"token", but their uses are slightly different. I thought it would
make sense to rename `is_token` to `is_method_token`, to mimic
`is_header_name_token`.
Copy link
Owner

@seanmonstar seanmonstar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@seanmonstar seanmonstar merged commit 9f6702b into seanmonstar:master Oct 29, 2024
41 checks passed
jeddenlea added a commit to jeddenlea/httparse that referenced this pull request Jan 27, 2025
I wanted to include this in seanmonstar#190, but had to pull it at the last minute
when I found the MSRV was 1.36.  But, now that it's been updated to
1.47, we can do more things in `const`.
@jeddenlea jeddenlea mentioned this pull request Jan 27, 2025
seanmonstar pushed a commit that referenced this pull request Jan 27, 2025
I wanted to include this in #190, but had to pull it at the last minute
when I found the MSRV was 1.36.  But, now that it's been updated to
1.47, we can do more things in `const`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants