Headers are not always fully parsed

[pepve]

If traffic gets fragmented, only the first fragment is parsed for headers. If the Host header is not in the first fragment, the request is not handled. Example:

(echo -n $'GET / HTTP/1.1\r\n'; sleep 2; echo -n $'Host: test\r\n\r\n') | nc -q 1 vost 80

[kommander]

Very true. I think that could be fixed by buffering request data up until a setable amount of bytes and repeatedly search for the host. If the host is not found in that amount of data, the request could be ignored or treated as "host not found", which has to be added anyway ;)