author | Sina Samavati <[email protected]> | 2015-01-19 20:44:57 +0330 |
---|---|---|
committer | Sina Samavati <[email protected]> | 2015-01-20 00:34:00 +0330 |
commit | ed104c7ad0e488d57040c96974b8d0d022a775da (patch) | |
tree | 808f0041e031f614ce166e7efa517ca61bf8756f /lib/inets/src/http_client/httpc_cookie.erl | |
parent | 50a92094372b45c9864afe3418b79605da549122 (diff) | |
httpc: Avoid parsing invalid 'Set-Cookie' headers
Parsing an invalid 'Set-Cookie' header would make httpc crash.
This commit filters out invalid 'Set-Cookie' headers so that httpc does not try to parse them.
Diffstat (limited to 'lib/inets/src/http_client/httpc_cookie.erl')
-rw-r--r-- | lib/inets/src/http_client/httpc_cookie.erl | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/inets/src/http_client/httpc_cookie.erl b/lib/inets/src/http_client/httpc_cookie.erl
index 134115bdfa..5d71a0bb8f 100644
--- a/lib/inets/src/http_client/httpc_cookie.erl
+++ b/lib/inets/src/http_client/httpc_cookie.erl
@@ -334,9 +334,23 @@ add_domain(Str, #http_cookie{domain_default = true}) ->
 add_domain(Str, #http_cookie{domain = Domain}) ->
 Str ++ "; $Domain=" ++ Domain.
 
+is_set_cookie_valid("") ->
+ %% an empty Set-Cookie header is not valid
+ false;
+is_set_cookie_valid([$=|_]) ->
+ %% a Set-Cookie header without name is not valid
+ false;
+is_set_cookie_valid(SetCookieHeader) ->
+ %% a Set-Cookie header without name/value is not valid
+ case string:chr(SetCookieHeader, $=) of
+ 0 -> false;
+ _ -> true
+ end.
+
 parse_set_cookies(CookieHeaders, DefaultPathDomain) ->
- %% empty Set-Cookie header is invalid according to RFC but some sites violate it
- SetCookieHeaders = [Value || {"set-cookie", Value} <- CookieHeaders, Value /= ""],
+ %% filter invalid Set-Cookie headers
+ SetCookieHeaders = [Value || {"set-cookie", Value} <- CookieHeaders,
+ is_set_cookie_valid(Value)],
 Cookies = [parse_set_cookie(SetCookieHeader, DefaultPathDomain) ||
 SetCookieHeader <- SetCookieHeaders],
 %% print_cookies("Parsed Cookies", Cookies), |
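Review bot: The last clause of `is_set_cookie_valid/1` accepts any header that contains `=` anywhere, so a server-supplied value whose first segment has no name=value pair still passes when a later attribute contains one (constructed examples: `foo; Path=/`, `; Path=/`). A value with leading whitespace before `=` also gets past the `[$=|_]` clause. The header is controlled by the remote server, and `parse_set_cookie/2` lies outside this hunk, so these shapes may still reach the code path that crashed. I would validate only the part before the first `;`, for example `Pair = string:strip(lists:takewhile(fun(C) -> C =/= $; end, SetCookieHeader)),` followed by `string:chr(Pair, $=) > 1`, which also covers the empty and leading-`=` cases in a single clause. A test with one header of each rejected shape would pin the behaviour.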