diff options
| author | Loïc Hoguin <[email protected]> | 2017-06-08 12:23:27 +0200 |
|---|---|---|
| committer | Loïc Hoguin <[email protected]> | 2017-06-08 12:23:27 +0200 |
| commit | 1df21130122cc42f593f34a3984734f6f9ad5095 (patch) | |
| tree | d4b531a64204cd4020c42c5092dce80d874c1ea0 /src/cow_cookie.erl | |
| parent | 20f1ec02b0b1b4727b2c6e96a3b04e4785ff3228 (diff) | |
| download | cowlib-1df21130122cc42f593f34a3984734f6f9ad5095.tar.gz cowlib-1df21130122cc42f593f34a3984734f6f9ad5095.tar.bz2 cowlib-1df21130122cc42f593f34a3984734f6f9ad5095.zip | |
Crash cookie parsing with badarg on error
Diffstat (limited to 'src/cow_cookie.erl')
| -rw-r--r-- | src/cow_cookie.erl | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/src/cow_cookie.erl b/src/cow_cookie.erl index b31a528..7ee067a 100644 --- a/src/cow_cookie.erl +++ b/src/cow_cookie.erl @@ -25,7 +25,7 @@ %% @doc Parse a cookie header string and return a list of key/values. --spec parse_cookie(binary()) -> [{binary(), binary()}] | {error, badarg}. +-spec parse_cookie(binary()) -> [{binary(), binary()}]. parse_cookie(Cookie) -> parse_cookie(Cookie, []). @@ -54,27 +54,27 @@ skip_cookie(<< _, Rest/binary >>, Acc) -> skip_cookie(Rest, Acc). parse_cookie_name(<<>>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $=, _/binary >>, _, <<>>) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $=, Rest/binary >>, Acc, Name) -> parse_cookie_value(Rest, Acc, Name, <<>>); parse_cookie_name(<< $,, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $;, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $\s, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $\t, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $\r, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $\n, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $\013, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< $\014, _/binary >>, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_name(<< C, Rest/binary >>, Acc, Name) -> parse_cookie_name(Rest, Acc, << Name/binary, C >>). @@ -83,15 +83,15 @@ parse_cookie_value(<<>>, Acc, Name, Value) -> parse_cookie_value(<< $;, Rest/binary >>, Acc, Name, Value) -> parse_cookie(Rest, [{Name, parse_cookie_trim(Value)}|Acc]); parse_cookie_value(<< $\t, _/binary >>, _, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_value(<< $\r, _/binary >>, _, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_value(<< $\n, _/binary >>, _, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_value(<< $\013, _/binary >>, _, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_value(<< $\014, _/binary >>, _, _, _) -> - {error, badarg}; + error(badarg); parse_cookie_value(<< C, Rest/binary >>, Acc, Name, Value) -> parse_cookie_value(Rest, Acc, Name, << Value/binary, C >>). @@ -148,17 +148,23 @@ parse_cookie_test_() -> ]}, %% Potential edge cases (initially from Mochiweb). {<<"foo=\\x">>, [{<<"foo">>, <<"\\x">>}]}, - {<<"=">>, {error, badarg}}, - {<<" foo ; bar ">>, {error, badarg}}, {<<"foo=;bar=">>, [{<<"foo">>, <<>>}, {<<"bar">>, <<>>}]}, - {<<"foo=\\\";;bar ">>, {error, badarg}}, {<<"foo=\\\";;bar=good ">>, [{<<"foo">>, <<"\\\"">>}, {<<"bar">>, <<"good">>}]}, - {<<"foo=\"\\\";bar">>, {error, badarg}}, {<<>>, []}, %% Flash player. {<<"foo=bar , baz=wibble ">>, [{<<"foo">>, <<"bar , baz=wibble">>}]} ], [{V, fun() -> R = parse_cookie(V) end} || {V, R} <- Tests]. + +parse_cookie_error_test_() -> + %% Value. + Tests = [ + <<"=">>, + <<" foo ; bar ">>, + <<"foo=\\\";;bar ">>, + <<"foo=\"\\\";bar">> + ], + [{V, fun() -> {'EXIT', {badarg, _}} = (catch parse_cookie(V)) end} || V <- Tests]. -endif. %% @doc Convert a cookie name, value and options to its iodata form. |