From aea172857fe69ea4e9f3d5c74781df2f40381d7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?=
Date: Wed, 29 Nov 2017 18:01:16 +0100
Subject: Reject whitespace before/after HTTP/1.1 header names properly
---
 src/cowboy_http.erl | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index ce24f52..d3d123e 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -490,19 +490,14 @@ parse_hd_name(<< $:, Rest/bits >>, State, H, SoFar) ->
 parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, <<>>) when ?IS_WS(C) ->
 error_terminate(400, State#state{in_state=PS#ps_header{headers=H}},
 {connection_error, protocol_error,
- 'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2)'});
-parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) when ?IS_WS(C) ->
- parse_hd_name_ws(Rest, State, H, SoFar);
+ 'Whitespace is not allowed before the header name. (RFC7230 3.2)'});
+parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, _) when ?IS_WS(C) ->
+ error_terminate(400, State#state{in_state=PS#ps_header{headers=H}},
+ {connection_error, protocol_error,
+ 'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2.4)'});
 parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) ->
 ?LOWER(parse_hd_name, Rest, State, H, SoFar).
 
-parse_hd_name_ws(<< C, Rest/bits >>, S, H, Name) ->
- case C of
- $\s -> parse_hd_name_ws(Rest, S, H, Name);
- $\t -> parse_hd_name_ws(Rest, S, H, Name);
- $: -> parse_hd_before_value(Rest, S, H, Name)
- end.
-
 parse_hd_before_value(<< $\s, Rest/bits >>, S, H, N) ->
 parse_hd_before_value(Rest, S, H, N);
 parse_hd_before_value(<< $\t, Rest/bits >>, S, H, N) ->
-- 
cgit v1.2.3
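Review bot: The two whitespace clauses of `parse_hd_name` carry no comment saying why the request is now refused instead of skipping the whitespace as the removed `parse_hd_name_ws` did, and that reasoning is what keeps a later edit from making the parser lenient again. RFC 7230 3.2.4 requires a 400 here because parsers that disagree about such whitespace can disagree about which headers a request carries, so I would add above the second clause `%% Whitespace before the colon must be rejected, not skipped (RFC7230 3.2.4): a lenient parse can differ from what a proxy in front of us saw.` The same comment should say that the clauses depend on order, since the `<<>>` clause has to come first for the leading-whitespace message to be reachable. Separately, the final catch-all clause still passes every other byte to `?LOWER`, so whether non-token bytes in a field name are refused depends on `?IS_WS` and on clauses outside this hunk, which I cannot see; a regression test for both rejected forms would pin the behaviour, and the diffstat shows only `src/cowboy_http.erl` changed.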