From fc062027518ac390c7d2dec7b62adc59a8a89c33 Mon Sep 17 00:00:00 2001
From: reyk
Date: Tue, 6 Jan 2015 13:38:59 +0000
Subject: [PATCH] Return "400 Bad Request" instead of "500 Internal Server Error" for unknown/invalid HTTP requests.

From Fabian Raetz at gmail
---
 usr.sbin/httpd/server_http.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index d83c7b4556a..c9abfdca32b 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.59 2015/01/04 22:23:58 chrisz Exp $ */
+/* $OpenBSD: server_http.c,v 1.60 2015/01/06 13:38:59 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2014 Reyk Floeter
@@ -214,8 +214,10 @@ server_read_http(struct bufferevent *bev, void *arg)
 */
 if (clt->clt_line == 1) {
 if ((desc->http_method = server_httpmethod_byname(key))
- == HTTP_METHOD_NONE)
- goto fail;
+ == HTTP_METHOD_NONE) {
+ server_abort_http(clt, 400, "malformed");
+ goto abort;
+ }
 /*
 * Decode request path and query
--
2.20.1
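Review bot: The new 400 branch in the second hunk (`== HTTP_METHOD_NONE`) has no comment saying why an unrecognised method is treated as a client error, and that distinction is what someone reading the access and error logs will need: this path is driven entirely by client input, whereas `fail` reports a server-side fault. I would add above the call `/* Unknown method: client error, not a server fault; reply 400 with a fixed reason and never echo the token */`. The `abort` and `fail` labels and the rest of the first-line parsing lie outside the hunk, so it is worth confirming that `abort` releases the same per-line resources as `fail` does. It is also worth checking whether the later request-line checks (path, version) still reach `fail` for input that is just as malformed, since those would keep producing 500s that look like server errors to monitoring.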