aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2014-05-16 14:46:13 +0200
committerIngela Anderton Andin <[email protected]>2014-05-23 16:33:50 +0200
commitee3fd715255a865b80532ad1cf88e51a8a4147ba (patch)
treef1aebf9ee99cdb3cc81e7fb47def0216c4a3fd72
parentbf352a0d19499f9041cb887ce83c1c13b9def759 (diff)
downloadotp-ee3fd715255a865b80532ad1cf88e51a8a4147ba.tar.gz
otp-ee3fd715255a865b80532ad1cf88e51a8a4147ba.tar.bz2
otp-ee3fd715255a865b80532ad1cf88e51a8a4147ba.zip
inets: httpd - Behave well on not so long but wrong request lines
-rw-r--r--lib/inets/src/http_server/httpd_request.erl16
-rw-r--r--lib/inets/src/http_server/httpd_request_handler.erl5
-rw-r--r--lib/inets/test/httpd_basic_SUITE.erl27
3 files changed, 44 insertions, 4 deletions
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 68e7c16702..712c73599f 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -107,8 +107,12 @@ validate("POST", Uri, "HTTP/1." ++ _N) ->
validate("TRACE", Uri, "HTTP/1." ++ N) when hd(N) >= $1 ->
validate_uri(Uri);
validate(Method, Uri, Version) ->
- {error, {not_supported, {Method, Uri, Version}}}.
-
+ case validate_version(Version) of
+ true ->
+ {error, {not_supported, {Method, Uri, Version}}};
+ false ->
+ {error, {bad_version, Version}}
+ end.
%%----------------------------------------------------------------------
%% The request is passed through the server as a record of type mod
%% create it.
@@ -296,6 +300,14 @@ validate_path([".." | Rest], N, RequestURI) ->
validate_path([_ | Rest], N, RequestURI) ->
validate_path(Rest, N + 1, RequestURI).
+validate_version("HTTP/1.1") ->
+ true;
+validate_version("HTTP/1.0") ->
+ true;
+validate_version("HTTP/0.9") ->
+ true;
+validate_version(_) ->
+ false.
%%----------------------------------------------------------------------
%% There are 3 possible forms of the reuqest URI
%%
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index 8dcfec570a..b3c9cbc46a 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
@@ -375,6 +375,11 @@ handle_http_msg({Method, Uri, Version, {RecordHeaders, Headers}, Body},
400, URI),
Reason = io_lib:format("Malformed syntax in URI: ~p~n", [URI]),
error_log(Reason, ModData),
+ {stop, normal, State#state{response_sent = true}};
+ {error, {bad_version, Ver}} ->
+ httpd_response:send_status(ModData#mod{http_version = "HTTP/0.9"}, 400, Ver),
+ Reason = io_lib:format("Malformed syntax version: ~p~n", [Ver]),
+ error_log(Reason, ModData),
{stop, normal, State#state{response_sent = true}}
end;
handle_http_msg({ChunkedHeaders, Body},
diff --git a/lib/inets/test/httpd_basic_SUITE.erl b/lib/inets/test/httpd_basic_SUITE.erl
index 1eb852e85a..1fcc5f257e 100644
--- a/lib/inets/test/httpd_basic_SUITE.erl
+++ b/lib/inets/test/httpd_basic_SUITE.erl
@@ -196,16 +196,39 @@ entity_too_long(Config) when is_list(Config) ->
Info = httpd:info(Pid),
Port = proplists:get_value(port, Info),
Address = proplists:get_value(bind_address, Info),
+
+ %% Not so long but wrong
+ ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
+ "GET / " ++
+ lists:duplicate(5, $A) ++ "\r\n\r\n",
+ [{statuscode, 400},
+ %% Server will send lowest version
+ %% as it will not get to the
+ %% client version
+ %% before aborting
+ {version, "HTTP/0.9"}]),
+
+ %% Too long
ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
"GET / " ++
- lists:duplicate(100, $A) ++ "\r\n\r\n",
+ lists:duplicate(100, $A) ++ "\r\n\r\n",
[{statuscode, 413},
%% Server will send lowest version
%% as it will not get to the
%% client version
%% before aborting
{version, "HTTP/0.9"}]),
-
+ %% Not so long but wrong
+ ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
+ lists:duplicate(5, $A) ++ " / "
+ "HTTP/1.1\r\n\r\n",
+ [{statuscode, 501},
+ %% Server will send lowest version
+ %% as it will not get to the
+ %% client version
+ %% before aborting
+ {version, "HTTP/1.1"}]),
+ %% Too long
ok = httpd_test_lib:verify_request(ip_comm, Address, Port, node(),
lists:duplicate(100, $A) ++ " / "
"HTTP/1.1\r\n\r\n",