diff options
author | Martin Rehfeld <[email protected]> | 2015-01-30 13:43:55 +0000 |
---|---|---|
committer | Martin Rehfeld <[email protected]> | 2015-01-30 13:43:55 +0000 |
commit | 07ef3c32d71cd52ea46d0469ff8c75d312c2d32e (patch) | |
tree | eb615c6a202c83c1e7a2feee791229285ea98bea | |
parent | 3d9078018d7f0a83a359b70c698d35e35fbb94f9 (diff) | |
download | cowboy-07ef3c32d71cd52ea46d0469ff8c75d312c2d32e.tar.gz cowboy-07ef3c32d71cd52ea46d0469ff8c75d312c2d32e.tar.bz2 cowboy-07ef3c32d71cd52ea46d0469ff8c75d312c2d32e.zip |
Reply with 400 on if*-match parsing crash
-rw-r--r-- | src/cowboy_http.erl | 4 | ||||
-rw-r--r-- | src/cowboy_rest.erl | 16 |
2 files changed, 15 insertions, 5 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl index 1cf73bf..d616f73 100644 --- a/src/cowboy_http.erl +++ b/src/cowboy_http.erl @@ -668,7 +668,9 @@ token(<< C, Rest/binary >>, Fun, Case, Acc) -> -spec quoted_string(binary(), fun()) -> any(). quoted_string(<< $", Rest/binary >>, Fun) -> - quoted_string(Rest, Fun, <<>>). + quoted_string(Rest, Fun, <<>>); +quoted_string(_, _Fun) -> + {error, badarg}. -spec quoted_string(binary(), fun(), binary()) -> any(). quoted_string(<<>>, _Fun, _Acc) -> diff --git a/src/cowboy_rest.erl b/src/cowboy_rest.erl index f779612..4e5ca25 100644 --- a/src/cowboy_rest.erl +++ b/src/cowboy_rest.erl @@ -523,13 +523,17 @@ resource_exists(Req, State) -> if_match_exists(Req, State) -> State2 = State#state{exists=true}, - case cowboy_req:parse_header(<<"if-match">>, Req) of + try cowboy_req:parse_header(<<"if-match">>, Req) of {ok, undefined, Req2} -> if_unmodified_since_exists(Req2, State2); {ok, '*', Req2} -> if_unmodified_since_exists(Req2, State2); {ok, ETagsList, Req2} -> - if_match(Req2, State2, ETagsList) + if_match(Req2, State2, ETagsList); + {error, badarg} -> + respond(Req, State2, 400) + catch Class:Reason -> + error_terminate(Req, State2, Class, Reason, if_match) end. if_match(Req, State, EtagsList) -> @@ -573,13 +577,17 @@ if_unmodified_since(Req, State, IfUnmodifiedSince) -> end. if_none_match_exists(Req, State) -> - case cowboy_req:parse_header(<<"if-none-match">>, Req) of + try cowboy_req:parse_header(<<"if-none-match">>, Req) of {ok, undefined, Req2} -> if_modified_since_exists(Req2, State); {ok, '*', Req2} -> precondition_is_head_get(Req2, State); {ok, EtagsList, Req2} -> - if_none_match(Req2, State, EtagsList) + if_none_match(Req2, State, EtagsList); + {error, badarg} -> + respond(Req, State, 400) + catch Class:Reason -> + error_terminate(Req, State, Class, Reason, if_none_match) end. if_none_match(Req, State, EtagsList) -> |