From 07ef3c32d71cd52ea46d0469ff8c75d312c2d32e Mon Sep 17 00:00:00 2001
From: Martin Rehfeld
Date: Fri, 30 Jan 2015 13:43:55 +0000
Subject: Reply with 400 on if*-match parsing crash
---
 src/cowboy_http.erl | 4 +++-
 src/cowboy_rest.erl | 16 ++++++++++++----
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index 1cf73bf..d616f73 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -668,7 +668,9 @@ token(<< C, Rest/binary >>, Fun, Case, Acc) ->

 -spec quoted_string(binary(), fun()) -> any().
 quoted_string(<< $", Rest/binary >>, Fun) ->
- quoted_string(Rest, Fun, <<>>).
+ quoted_string(Rest, Fun, <<>>);
+quoted_string(_, _Fun) ->
+ {error, badarg}.

 -spec quoted_string(binary(), fun(), binary()) -> any().
 quoted_string(<<>>, _Fun, _Acc) ->
diff --git a/src/cowboy_rest.erl b/src/cowboy_rest.erl
index f779612..4e5ca25 100644
--- a/src/cowboy_rest.erl
+++ b/src/cowboy_rest.erl
@@ -523,13 +523,17 @@ resource_exists(Req, State) ->

 if_match_exists(Req, State) ->
 State2 = State#state{exists=true},
- case cowboy_req:parse_header(<<"if-match">>, Req) of
+ try cowboy_req:parse_header(<<"if-match">>, Req) of
 {ok, undefined, Req2} ->
 if_unmodified_since_exists(Req2, State2);
 {ok, '*', Req2} ->
 if_unmodified_since_exists(Req2, State2);
 {ok, ETagsList, Req2} ->
- if_match(Req2, State2, ETagsList)
+ if_match(Req2, State2, ETagsList);
+ {error, badarg} ->
+ respond(Req, State2, 400)
+ catch Class:Reason ->
+ error_terminate(Req, State2, Class, Reason, if_match)
 end.

 if_match(Req, State, EtagsList) ->
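Review bot: The added fallback clause `quoted_string(_, _Fun) -> {error, badarg}.` in src/cowboy_http.erl matches any first argument, while the spec directly above it declares `binary()`. Writing the head as `quoted_string(<< _/binary >>, _Fun) ->` would keep the error return for client input that does not open with a double quote and still let a non-binary argument fail as a caller bug. The clause also has no comment; I would add `%% Input that does not open with a double quote is a parse error, not a crash.` above it. The diffstat lists only the two src files, so no regression test for an unquoted If-Match value comes with the change.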
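Review bot: The new `{error, badarg} ->` pattern in if_match_exists matches only that one reason, so any other `{error, Reason}` returned by cowboy_req:parse_header fails with try_clause, and the added `catch Class:Reason` does not cover that because the `of` section of a try is not protected. Whether parse_header can return another reason is not visible in this hunk; if it can, `{error, _} -> respond(Req, State2, 400)` would answer every client-side parse failure the same way. The same applies to the if_none_match_exists hunk of this file. A one-line comment such as `%% Malformed entity-tag list sent by the client.` above the 400 branch would say why the request is rejected.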
@@ -573,13 +577,17 @@ if_unmodified_since(Req, State, IfUnmodifiedSince) ->
 end.

 if_none_match_exists(Req, State) ->
- case cowboy_req:parse_header(<<"if-none-match">>, Req) of
+ try cowboy_req:parse_header(<<"if-none-match">>, Req) of
 {ok, undefined, Req2} ->
 if_modified_since_exists(Req2, State);
 {ok, '*', Req2} ->
 precondition_is_head_get(Req2, State);
 {ok, EtagsList, Req2} ->
- if_none_match(Req2, State, EtagsList)
+ if_none_match(Req2, State, EtagsList);
+ {error, badarg} ->
+ respond(Req, State, 400)
+ catch Class:Reason ->
+ error_terminate(Req, State, Class, Reason, if_none_match)
 end.

 if_none_match(Req, State, EtagsList) ->
--
cgit v1.2.3
From aa2d41951a97233f96838a5d0facf53df0bc6319 Mon Sep 17 00:00:00 2001
From: Martin Rehfeld
Date: Fri, 30 Jan 2015 14:11:13 +0000
Subject: Only address the specific quoted_string issue
---
 src/cowboy_rest.erl | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/cowboy_rest.erl b/src/cowboy_rest.erl
index 4e5ca25..321b609 100644
--- a/src/cowboy_rest.erl
+++ b/src/cowboy_rest.erl
@@ -523,7 +523,7 @@ resource_exists(Req, State) ->

 if_match_exists(Req, State) ->
 State2 = State#state{exists=true},
- try cowboy_req:parse_header(<<"if-match">>, Req) of
+ case cowboy_req:parse_header(<<"if-match">>, Req) of
 {ok, undefined, Req2} ->
 if_unmodified_since_exists(Req2, State2);
 {ok, '*', Req2} ->
@@ -532,8 +532,6 @@ if_match_exists(Req, State) ->
 if_match(Req2, State2, ETagsList);
 {error, badarg} ->
 respond(Req, State2, 400)
- catch Class:Reason ->
- error_terminate(Req, State2, Class, Reason, if_match)
 end.

 if_match(Req, State, EtagsList) ->
@@ -577,7 +575,7 @@ if_unmodified_since(Req, State, IfUnmodifiedSince) ->
 end.

 if_none_match_exists(Req, State) ->
- try cowboy_req:parse_header(<<"if-none-match">>, Req) of
+ case cowboy_req:parse_header(<<"if-none-match">>, Req) of
 {ok, undefined, Req2} ->
 if_modified_since_exists(Req2, State);
 {ok, '*', Req2} ->
@@ -586,8 +584,6 @@ if_none_match_exists(Req, State) ->
 if_none_match(Req2, State, EtagsList);
 {error, badarg} ->
 respond(Req, State, 400)
- catch Class:Reason ->
- error_terminate(Req, State, Class, Reason, if_none_match)
 end.

 if_none_match(Req, State, EtagsList) ->
--
cgit v1.2.3