Skip to content

Commit 4333cc5

Browse files
ShogunPandaShogunPanda
committed
release: 9.1.1
1 parent ddb1950 commit 4333cc5

File tree

3 files changed

+30
-3
lines changed

3 files changed

+30
-3
lines changed

CMakeLists.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
cmake_minimum_required(VERSION 3.5.1)
22
cmake_policy(SET CMP0069 NEW)
33

4-
project(llhttp VERSION 9.1.0)
4+
project(llhttp VERSION 9.1.1)
55
include(GNUInstallDirs)
66

77
set(CMAKE_C_STANDARD 99)

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -361,6 +361,8 @@ Normally `llhttp` would error when a CR is not followed by LF when terminating t
361361
request line, the status line, the headers or a chunk header.
362362
With this flag only a CR is required to terminate such sections.
363363
364+
**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
365+
364366
### `void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled)`
365367
366368
Enables/disables lenient handling of line separators.

include/llhttp.h

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44

55
#define LLHTTP_VERSION_MAJOR 9
66
#define LLHTTP_VERSION_MINOR 1
7-
#define LLHTTP_VERSION_PATCH 0
7+
#define LLHTTP_VERSION_PATCH 1
88

99
#ifndef INCLUDE_LLHTTP_ITSELF_H_
1010
#define INCLUDE_LLHTTP_ITSELF_H_
@@ -809,7 +809,7 @@ void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled);
809809
* avoid request smuggling.
810810
* With this flag the extra value will be parsed normally.
811811
*
812-
* **Enabling this flag can pose a security issue since you will be exposed to
812+
* **Enabling this flag can pose a security issue since you will be exposed to
813813
* request smuggling attacks. USE WITH CAUTION!**
814814
*/
815815
LLHTTP_EXPORT
@@ -852,6 +852,19 @@ void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled);
852852
LLHTTP_EXPORT
853853
void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
854854

855+
/*
856+
* Enables/disables lenient handling of line separators.
857+
*
858+
* Normally `llhttp` would error when a LF is not preceded by CR when terminating the
859+
* request line, the status line, the headers, a chunk header or a chunk data.
860+
* With this flag only a LF is required to terminate such sections.
861+
*
862+
* **Enabling this flag can pose a security issue since you will be exposed to
863+
* request smuggling attacks. USE WITH CAUTION!**
864+
*/
865+
LLHTTP_EXPORT
866+
void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled);
867+
855868
/* Enables/disables lenient handling of chunks not separated via CRLF.
856869
*
857870
* Normally `llhttp` would error when after a chunk data a CRLF is missing before
@@ -864,6 +877,18 @@ void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
864877
LLHTTP_EXPORT
865878
void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled);
866879

880+
/* Enables/disables lenient handling of spaces after chunk size.
881+
*
882+
* Normally `llhttp` would error when after a chunk size is followed by one or more
883+
* spaces are present instead of a CRLF or `;`.
884+
* With this flag this check is disabled.
885+
*
886+
* **Enabling this flag can pose a security issue since you will be exposed to
887+
* request smuggling attacks. USE WITH CAUTION!**
888+
*/
889+
LLHTTP_EXPORT
890+
void llhttp_set_lenient_spaces_after_chunk_size(llhttp_t* parser, int enabled);
891+
867892
#ifdef __cplusplus
868893
} /* extern "C" */
869894
#endif

0 commit comments

Comments
 (0)