release: 9.1.1

nodejs · Sep 13, 2023 · 4333cc5 · 4333cc5
1 parent ddb1950
commit 4333cc5
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.5.1)
 cmake_policy(SET CMP0069 NEW)
 
-project(llhttp VERSION 9.1.0)
+project(llhttp VERSION 9.1.1)
 include(GNUInstallDirs)
 
 set(CMAKE_C_STANDARD 99)

diff --git a/README.md b/README.md
@@ -361,6 +361,8 @@ Normally `llhttp` would error when a CR is not followed by LF when terminating t
 request line, the status line, the headers or a chunk header.
 With this flag only a CR is required to terminate such sections.
 
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
+
 ### `void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled)`
 
 Enables/disables lenient handling of line separators.

diff --git a/include/llhttp.h b/include/llhttp.h
@@ -4,7 +4,7 @@
 
 #define LLHTTP_VERSION_MAJOR 9
 #define LLHTTP_VERSION_MINOR 1
-#define LLHTTP_VERSION_PATCH 0
+#define LLHTTP_VERSION_PATCH 1
 
 #ifndef INCLUDE_LLHTTP_ITSELF_H_
 #define INCLUDE_LLHTTP_ITSELF_H_
@@ -809,7 +809,7 @@ void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled);
  * avoid request smuggling.
  * With this flag the extra value will be parsed normally.
  *
- * **Enabling this flag can pose a security issue since you will be exposed to 
+ * **Enabling this flag can pose a security issue since you will be exposed to
  * request smuggling attacks. USE WITH CAUTION!**
  */
 LLHTTP_EXPORT
@@ -852,6 +852,19 @@ void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled);
 LLHTTP_EXPORT
 void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
 
+/*
+ * Enables/disables lenient handling of line separators.
+ *
+ * Normally `llhttp` would error when a LF is not preceded by CR when terminating the
+ * request line, the status line, the headers, a chunk header or a chunk data.
+ * With this flag only a LF is required to terminate such sections.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled);
+
 /* Enables/disables lenient handling of chunks not separated via CRLF.
  *
  * Normally `llhttp` would error when after a chunk data a CRLF is missing before
@@ -864,6 +877,18 @@ void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
 LLHTTP_EXPORT
 void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled);
 
+/* Enables/disables lenient handling of spaces after chunk size.
+ *
+ * Normally `llhttp` would error when after a chunk size is followed by one or more
+ * spaces are present instead of a CRLF or `;`.
+ * With this flag this check is disabled.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_spaces_after_chunk_size(llhttp_t* parser, int enabled);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif