aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_lib/http_util.erl
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2017-11-01 13:05:22 +0100
committerPéter Dimitrov <[email protected]>2017-11-15 16:26:58 +0100
commit7d6d272b7d04cf6640145f5381c39193e40ba5f8 (patch)
tree49773b1b10c0ade04a8e30b94e470e22fa042d23 /lib/inets/src/http_lib/http_util.erl
parent6db8210068a55696cd5e444d40d3676737113d03 (diff)
downloadotp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.gz
otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.bz2
otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.zip
inets: Fix http content injection bug in httpc
- uri_string module used for parsing URIs. - Removed url_encode option as only valid URIs shall be handled by the http client. - The client rejects URIs that are not compliant with RFC 3986. Change-Id: I0a5b9766f6463a9802e0b02b445a2c4c91f02236
Diffstat (limited to 'lib/inets/src/http_lib/http_util.erl')
-rw-r--r--lib/inets/src/http_lib/http_util.erl32
1 files changed, 31 insertions, 1 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index 487d04f7aa..5577b00cc8 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -27,7 +27,8 @@
convert_month/1,
is_hostname/1,
timestamp/0, timeout/2,
- html_encode/1
+ html_encode/1,
+ maybe_add_brackets/2
]).
@@ -194,6 +195,24 @@ html_encode(Chars) ->
lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
+maybe_add_brackets(Addr, false) ->
+ Addr;
+maybe_add_brackets(Addr, true) when is_list(Addr) ->
+ case is_ipv6_address(Addr) of
+ true ->
+ [$[|Addr] ++ "]";
+ false ->
+ Addr
+ end;
+maybe_add_brackets(Addr, true) when is_binary(Addr) ->
+ case is_ipv6_address(Addr) of
+ true ->
+ <<$[,Addr/binary,$]>>;
+ false ->
+ Addr
+ end.
+
+
%%%========================================================================
%%% Internal functions
%%%========================================================================
@@ -205,3 +224,14 @@ char_to_html_entity(Char, Reserved) ->
false ->
[Char]
end.
+
+is_ipv6_address(Addr) when is_binary(Addr) ->
+ B = binary_to_list(Addr),
+ is_ipv6_address(B);
+is_ipv6_address(Addr) when is_list(Addr) ->
+ case inet:parse_ipv6strict_address(Addr) of
+ {ok, _ } ->
+ true;
+ {error, _} ->
+ false
+ end.