-rw-r--r--src/cowboy_protocol.erl4
-rw-r--r--test/http_SUITE.erl2
2 files changed, 6 insertions, 0 deletions
diff --git a/src/cowboy_protocol.erl b/src/cowboy_protocol.erl
index 82f1f38..8763baa 100644
--- a/src/cowboy_protocol.erl
+++ b/src/cowboy_protocol.erl
@@ -136,6 +136,8 @@ wait_request(Buffer, State=#state{socket=Socket, transport=Transport,
%% Empty lines must be using \r\n.
parse_request(<< $\n, _/binary >>, State, _) ->
error_terminate(400, State);
+parse_request(<< $\s, _/bits >>, State, _) ->
+ error_terminate(400, State);
%% We limit the length of the Request-line to MaxLength to avoid endlessly
%% reading from the socket and eventually crashing.
parse_request(Buffer, State=#state{max_request_line_length=MaxLength,
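Review bot: The added `parse_request` clause for a leading space carries no comment, and it sits directly under `%% Empty lines must be using \r\n.`, which describes only the `$\n` clause. A line such as `%% The request-line must not begin with a space.` above the new clause would record why this input is rejected before method parsing starts. The new clause also matches the tail with `_/bits` while the clause just above uses `_/binary`; using one form for both would read more consistently. The final `parse_request` clause continues outside the hunk.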
@@ -170,6 +172,8 @@ parse_method(<< C, Rest/bits >>, State, SoFar) ->
parse_uri(<< $\r, _/bits >>, State, _) ->
error_terminate(400, State);
+parse_uri(<< $\s, _/bits >>, State, Method) ->
+ error_terminate(400, State);
parse_uri(<< "* ", Rest/bits >>, State, Method) ->
parse_version(Rest, State, Method, <<"*">>, <<>>);
parse_uri(<< "http://", Rest/bits >>, State, Method) ->
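Review bot: The added `parse_uri` clause binds `Method` but never uses it, so the compiler will report an unused-variable warning, and the build breaks if warnings are treated as errors. The neighbouring `$\r` clause already uses `_` for the third argument; the new head should do the same: `parse_uri(<< $\s, _/bits >>, State, _) ->`. A short comment such as `%% A second space after the method means the request-target is missing.` would also make the intent clear. The remaining `parse_uri` clauses continue outside the hunk.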
diff --git a/test/http_SUITE.erl b/test/http_SUITE.erl
index 3783b6e..bd0f247 100644
--- a/test/http_SUITE.erl
+++ b/test/http_SUITE.erl
@@ -256,6 +256,8 @@ The document has moved
{400, "\n"},
{400, "Garbage\r\n\r\n"},
{400, "\r\n\r\n\r\n\r\n\r\n\r\n"},
+ {400, " / HTTP/1.1\r\nHost: localhost\r\n\r\n"},
+ {400, "GET HTTP/1.1\r\nHost: localhost\r\n\r\n"},
{400, "GET / HTTP/1.1\r\nHost: ninenines.eu\r\n\r\n"},
{400, "GET http://proxy/ HTTP/1.1\r\n\r\n"},
{400, "GET / HTTP/1.1\r\nHost: localhost:bad_port\r\n\r\n"},
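Review bot: As rendered here, the second added case reads `"GET HTTP/1.1\r\n..."` with a single space after `GET`, which would hand `parse_uri` a buffer starting with `H`, not a space. The page appears to collapse runs of whitespace, so the original literal may well contain two spaces; it is worth confirming in the file that it does, otherwise the new `parse_uri` clause is not exercised by this suite. A brief comment beside each new tuple naming the case it targets (leading space before the method, empty request-target) would keep that intent visible. The test list starts and ends outside the hunk.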