Fix two edge cases when the request-line provided is invalid

2 files changed, 6 insertions, 0 deletions

diff --git a/src/cowboy_protocol.erl b/src/cowboy_protocol.erl
index 82f1f38..8763baa 100644
--- a/src/cowboy_protocol.erl
+++ b/src/cowboy_protocol.erl
@@ -136,6 +136,8 @@ wait_request(Buffer, State=#state{socket=Socket, transport=Transport,
 %% Empty lines must be using \r\n.
 parse_request(<< $\n, _/binary >>, State, _) ->
 	error_terminate(400, State);
+parse_request(<< $\s, _/bits >>, State, _) ->
+	error_terminate(400, State);
 %% We limit the length of the Request-line to MaxLength to avoid endlessly
 %% reading from the socket and eventually crashing.
 parse_request(Buffer, State=#state{max_request_line_length=MaxLength,
@@ -170,6 +172,8 @@ parse_method(<< C, Rest/bits >>, State, SoFar) ->
 
 parse_uri(<< $\r, _/bits >>, State, _) ->
 	error_terminate(400, State);
+parse_uri(<< $\s, _/bits >>, State, Method) ->
+	error_terminate(400, State);
 parse_uri(<< "* ", Rest/bits >>, State, Method) ->
 	parse_version(Rest, State, Method, <<"*">>, <<>>);
 parse_uri(<< "http://", Rest/bits >>, State, Method) ->
diff --git a/test/http_SUITE.erl b/test/http_SUITE.erl
index 3783b6e..bd0f247 100644
--- a/test/http_SUITE.erl
+++ b/test/http_SUITE.erl
@@ -256,6 +256,8 @@ The document has moved
 		{400, "\n"},
 		{400, "Garbage\r\n\r\n"},
 		{400, "\r\n\r\n\r\n\r\n\r\n\r\n"},
+		{400, " / HTTP/1.1\r\nHost: localhost\r\n\r\n"},
+		{400, "GET  HTTP/1.1\r\nHost: localhost\r\n\r\n"},
 		{400, "GET / HTTP/1.1\r\nHost: ninenines.eu\r\n\r\n"},
 		{400, "GET http://proxy/ HTTP/1.1\r\n\r\n"},
 		{400, "GET / HTTP/1.1\r\nHost: localhost:bad_port\r\n\r\n"},