From c1a1fd125d8b0559f182bd8fc10de18f7259047d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Fri, 31 May 2013 18:59:52 +0200
Subject: Don't crash on empty Cookie header

It's not allowed, however a heavily deployed client (Flash player)
can send such an empty header, therefore we make a special condition
for it and return an empty list when it happens.
---
 src/cowboy_req.erl | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/cowboy_req.erl b/src/cowboy_req.erl
index 093663c..0e1c8a7 100644
--- a/src/cowboy_req.erl
+++ b/src/cowboy_req.erl
@@ -492,7 +492,10 @@ cookie(Name, Req=#http_req{cookies=undefined}, Default) when is_binary(Name) ->
 		{ok, undefined, Req2} ->
 			{Default, Req2#http_req{cookies=[]}};
 		{ok, Cookies, Req2} ->
-			cookie(Name, Req2#http_req{cookies=Cookies}, Default)
+			cookie(Name, Req2#http_req{cookies=Cookies}, Default);
+		%% Flash player incorrectly sends an empty Cookie header.
+		{error, badarg} ->
+			{Default, Req#http_req{cookies=[]}}
 	end;
 cookie(Name, Req, Default) ->
 	case lists:keyfind(Name, 1, Req#http_req.cookies) of
@@ -507,7 +510,10 @@ cookies(Req=#http_req{cookies=undefined}) ->
 		{ok, undefined, Req2} ->
 			{[], Req2#http_req{cookies=[]}};
 		{ok, Cookies, Req2} ->
-			cookies(Req2#http_req{cookies=Cookies})
+			cookies(Req2#http_req{cookies=Cookies});
+		%% Flash player incorrectly sends an empty Cookie header.
+		{error, badarg} ->
+			{[], Req#http_req{cookies=[]}}
 	end;
 cookies(Req=#http_req{cookies=Cookies}) ->
 	{Cookies, Req}.
-- 
cgit v1.2.3