diff options
author | Loïc Hoguin <[email protected]> | 2017-11-29 18:01:16 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2017-11-29 18:01:16 +0100 |
commit | aea172857fe69ea4e9f3d5c74781df2f40381d7f (patch) | |
tree | 04e893bbe3a55e770cbd9382be613aeecbfbacd9 | |
parent | bec9a43d50d7652dfb8499d7755335b1b6f05a41 (diff) | |
download | cowboy-aea172857fe69ea4e9f3d5c74781df2f40381d7f.tar.gz cowboy-aea172857fe69ea4e9f3d5c74781df2f40381d7f.tar.bz2 cowboy-aea172857fe69ea4e9f3d5c74781df2f40381d7f.zip |
Reject whitespace before/after HTTP/1.1 header names properly
-rw-r--r-- | src/cowboy_http.erl | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl index ce24f52..d3d123e 100644 --- a/src/cowboy_http.erl +++ b/src/cowboy_http.erl @@ -490,19 +490,14 @@ parse_hd_name(<< $:, Rest/bits >>, State, H, SoFar) -> parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, <<>>) when ?IS_WS(C) -> error_terminate(400, State#state{in_state=PS#ps_header{headers=H}}, {connection_error, protocol_error, - 'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2)'}); -parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) when ?IS_WS(C) -> - parse_hd_name_ws(Rest, State, H, SoFar); + 'Whitespace is not allowed before the header name. (RFC7230 3.2)'}); +parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, _) when ?IS_WS(C) -> + error_terminate(400, State#state{in_state=PS#ps_header{headers=H}}, + {connection_error, protocol_error, + 'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2.4)'}); parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) -> ?LOWER(parse_hd_name, Rest, State, H, SoFar). -parse_hd_name_ws(<< C, Rest/bits >>, S, H, Name) -> - case C of - $\s -> parse_hd_name_ws(Rest, S, H, Name); - $\t -> parse_hd_name_ws(Rest, S, H, Name); - $: -> parse_hd_before_value(Rest, S, H, Name) - end. - parse_hd_before_value(<< $\s, Rest/bits >>, S, H, N) -> parse_hd_before_value(Rest, S, H, N); parse_hd_before_value(<< $\t, Rest/bits >>, S, H, N) -> |