From 6ec20b736ea0a8e8a2a216457273e4dd00b2f1d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Sat, 9 Apr 2011 15:28:41 +0200 Subject: Limit the number of empty lines to allow before the request-line. Defaults to 5. Prevents someone from indefinitely sending empty lines. --- src/cowboy_http_protocol.erl | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/cowboy_http_protocol.erl b/src/cowboy_http_protocol.erl index 36150b6..b0fef0d 100644 --- a/src/cowboy_http_protocol.erl +++ b/src/cowboy_http_protocol.erl @@ -24,6 +24,8 @@ transport :: module(), dispatch :: dispatch(), handler :: {Handler::module(), Opts::term()}, + req_empty_lines = 0 :: integer(), + max_empty_lines :: integer(), timeout :: timeout(), connection = keepalive :: keepalive | close }). @@ -41,9 +43,10 @@ start_link(Socket, Transport, Opts) -> -spec init(Socket::socket(), Transport::module(), Opts::term()) -> ok. init(Socket, Transport, Opts) -> Dispatch = proplists:get_value(dispatch, Opts, []), + MaxEmptyLines = proplists:get_value(max_empty_lines, Opts, 5), Timeout = proplists:get_value(timeout, Opts, 5000), wait_request(#state{socket=Socket, transport=Transport, - dispatch=Dispatch, timeout=Timeout}). + dispatch=Dispatch, max_empty_lines=MaxEmptyLines, timeout=Timeout}). -spec wait_request(State::#state{}) -> ok. wait_request(State=#state{socket=Socket, transport=Transport, timeout=T}) -> @@ -78,8 +81,11 @@ request({http_request, Method, '*', Version}, State#state{connection=ConnAtom}); request({http_request, _Method, _URI, _Version}, State) -> error_terminate(501, State); -request({http_error, "\r\n"}, State) -> - wait_request(State); +request({http_error, "\r\n"}, + State=#state{req_empty_lines=N, max_empty_lines=N}) -> + error_terminate(400, State); +request({http_error, "\r\n"}, State=#state{req_empty_lines=N}) -> + wait_request(State#state{req_empty_lines=N + 1}); request({http_error, _Any}, State) -> error_terminate(400, State). -- cgit v1.2.3