author | Ingela Anderton Andin <[email protected]> | 2014-05-16 14:46:13 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-05-23 16:33:50 +0200 |
commit | ee3fd715255a865b80532ad1cf88e51a8a4147ba (patch) | |
tree | f1aebf9ee99cdb3cc81e7fb47def0216c4a3fd72 | |
parent | bf352a0d19499f9041cb887ce83c1c13b9def759 (diff) | |
download | otp-ee3fd715255a865b80532ad1cf88e51a8a4147ba.tar.gz otp-ee3fd715255a865b80532ad1cf88e51a8a4147ba.tar.bz2 otp-ee3fd715255a865b80532ad1cf88e51a8a4147ba.zip |
inets: httpd - Behave well on not so long but wrong request lines
-rw-r--r-- | lib/inets/src/http_server/httpd_request.erl | 16 | ||||
-rw-r--r-- | lib/inets/src/http_server/httpd_request_handler.erl | 5 | ||||
-rw-r--r-- | lib/inets/test/httpd_basic_SUITE.erl | 27 |
3 files changed, 44 insertions, 4 deletions
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 68e7c16702..712c73599f 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -107,8 +107,12 @@ validate("POST", Uri, "HTTP/1." ++ _N) ->
 validate("TRACE", Uri, "HTTP/1." ++ N) when hd(N) >= $1 ->
 validate_uri(Uri);
 validate(Method, Uri, Version) ->
- {error, {not_supported, {Method, Uri, Version}}}.
-
+ case validate_version(Version) of
+ true ->
+ {error, {not_supported, {Method, Uri, Version}}};
+ false ->
+ {error, {bad_version, Version}}
+ end.
 %%----------------------------------------------------------------------
 %% The request is passed through the server as a record of type mod
 %% create it.
@@ -296,6 +300,14 @@ validate_path([".." | Rest], N, RequestURI) ->
 validate_path([_ | Rest], N, RequestURI) ->
 validate_path(Rest, N + 1, RequestURI).
+validate_version("HTTP/1.1") ->
+ true;
+validate_version("HTTP/1.0") ->
+ true;
+validate_version("HTTP/0.9") ->
+ true;
+validate_version(_) ->
+ false.
 %%----------------------------------------------------------------------
 %% There are 3 possible forms of the reuqest URI
 %%
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index 8dcfec570a..b3c9cbc46a 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
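Review bot: The version check added to the catch-all `validate/3` clause only runs after every method-specific clause has failed to match, so the clause heads visible above it (`"HTTP/1." ++ _N` for POST, `"HTTP/1." ++ N when hd(N) >= $1` for TRACE) still accept any trailing characters after `HTTP/1.`. A request line with a supported method and a malformed minor version (constructed example: `HTTP/1.zz`) therefore never reaches `validate_version/1` and is not rejected as `bad_version`. Consider checking the version first and dispatching on the method only when it is valid, or tightening those heads to the exact strings that `validate_version/1` accepts. The earlier clauses of `validate/3` start outside this hunk, so the remaining method heads should be checked for the same pattern.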
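Review bot: `validate_version/1` returns a bare boolean and carries no comment, while `validate/3` in the hunk above returns `{error, _}` tuples, so a predicate name such as `is_supported_version/1` and a short header comment would make the contract obvious to the next reader. Suggested comment: `%% True only for the exact version strings the server accepts; any other token makes validate/3 report bad_version instead of not_supported.`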
@@ -375,6 +375,11 @@ handle_http_msg({Method, Uri, Version, {RecordHeaders, Headers}, Body},
 400, URI),
 Reason = io_lib:format("Malformed syntax in URI: ~p~n", [URI]),
 error_log(Reason, ModData),
+ {stop, normal, State#state{response_sent = true}};
+ {error, {bad_version, Ver}} ->
+ httpd_response:send_status(ModData#mod{http_version = "HTTP/0.9"}, 400, Ver),
+ Reason = io_lib:format("Malformed syntax version: ~p~n", [Ver]),
+ error_log(Reason, ModData),
 {stop, normal, State#state{response_sent = true}}
 end;
 handle_http_msg({ChunkedHeaders, Body},
diff --git a/lib/inets/test/httpd_basic_SUITE.erl b/lib/inets/test/httpd_basic_SUITE.erl
index 1eb852e85a..1fcc5f257e 100644
--- a/lib/inets/test/httpd_basic_SUITE.erl
+++ b/lib/inets/test/httpd_basic_SUITE.erl
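Review bot: The new `{error, {bad_version, Ver}}` branch hands the client-supplied version token straight to `httpd_response:send_status(..., 400, Ver)`, and the hunk does not show how that third argument is rendered. If it ends up in the response body, it should be HTML-escaped and length-limited there, or the branch should pass a fixed phrase instead of the raw token; the `~p` used for the log entry quotes the term, so the log side looks less exposed. A comment such as `%% Ver is taken verbatim from the request line; send_status must escape it` would record the assumption. The bad-URI branch just above passes `URI` the same way, and `handle_http_msg/2` begins outside the hunk.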
@@ -196,16 +196,39 @@ entity_too_long(Config) when is_list(Config) ->
 Info = httpd:info(Pid),
 Port = proplists:get_value(port, Info),
 Address = proplists:get_value(bind_address, Info),
+
+ %% Not so long but wrong
+ ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
+ "GET / " ++
+ lists:duplicate(5, $A) ++ "\r\n\r\n",
+ [{statuscode, 400},
+ %% Server will send lowest version
+ %% as it will not get to the
+ %% client version
+ %% before aborting
+ {version, "HTTP/0.9"}]),
+
+ %% Too long
 ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
 "GET / " ++
- lists:duplicate(100, $A) ++ "\r\n\r\n",
+ lists:duplicate(100, $A) ++ "\r\n\r\n",
 [{statuscode, 413},
 %% Server will send lowest version
 %% as it will not get to the
 %% client version
 %% before aborting
 {version, "HTTP/0.9"}]),
-
+ %% Not so long but wrong
+ ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
+ lists:duplicate(5, $A) ++ " / "
+ "HTTP/1.1\r\n\r\n",
+ [{statuscode, 501},
+ %% Server will send lowest version
+ %% as it will not get to the
+ %% client version
+ %% before aborting
+ {version, "HTTP/1.1"}]),
+ %% Too long
 ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
 lists:duplicate(100, $A) ++ " / "
 "HTTP/1.1\r\n\r\n", |
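Review bot: The comment block copied into the new 501 case (`%% Server will send lowest version ... before aborting`) contradicts the assertion next to it, which expects `{version, "HTTP/1.1"}`. Replace it with something like `%% Request line parsed, so the reply carries the client's version`. The new short-request cases exercise version and method validation rather than size limits, so they may belong in their own test case instead of `entity_too_long/1`. A further case with a supported method and a malformed token after `HTTP/1.` (constructed example: `HTTP/1.x`) would pin down how the method-specific `validate/3` clauses treat it. `entity_too_long/1` starts and ends outside the hunk.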