diff options
author | Loïc Hoguin <[email protected]> | 2019-10-02 13:31:13 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2019-10-02 13:31:13 +0200 |
commit | a14ecf19c68ba5b9eb828a41356b1adbc1c5739c (patch) | |
tree | 7f73ffc12263eea51a7b20518db65012721a2c7e /src/cowboy_http.erl | |
parent | 8e315485975601b62a820df0f0283d83a13fc40b (diff) | |
download | cowboy-a14ecf19c68ba5b9eb828a41356b1adbc1c5739c.tar.gz cowboy-a14ecf19c68ba5b9eb828a41356b1adbc1c5739c.tar.bz2 cowboy-a14ecf19c68ba5b9eb828a41356b1adbc1c5739c.zip |
Add more HTTP/1.1 header parsing tests
Fix a case where Cowboy was waiting for more data that simply
did not come. Now Cowboy will generate an error immediately
when a header line has no colon separator.
These test cases come from known request smuggling attack
vectors. Cowboy was not vulnerable to any of them.
Diffstat (limited to 'src/cowboy_http.erl')
-rw-r--r-- | src/cowboy_http.erl | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl index 5136a3b..a6c640a 100644 --- a/src/cowboy_http.erl +++ b/src/cowboy_http.erl @@ -541,7 +541,16 @@ parse_header_colon(Buffer, State=#state{opts=Opts, in_state=PS}, Headers) -> {connection_error, limit_reached, 'A header name is larger than configuration allows. (RFC7230 3.2.5, RFC6585 5)'}); nomatch -> - {more, State#state{in_state=PS#ps_header{headers=Headers}}, Buffer}; + %% We don't have a colon but we might have an invalid header line, + %% so check if we have an LF and abort with an error if we do. + case match_eol(Buffer, 0) of + nomatch -> + {more, State#state{in_state=PS#ps_header{headers=Headers}}, Buffer}; + _ -> + error_terminate(400, State#state{in_state=PS#ps_header{headers=Headers}}, + {connection_error, protocol_error, + 'A header line is missing a colon separator. (RFC7230 3.2.4)'}) + end; _ -> parse_hd_name(Buffer, State, Headers, <<>>) end. |