author | Péter Dimitrov <[email protected]> | 2017-11-01 13:05:22 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2017-11-15 16:26:58 +0100 |
commit | 7d6d272b7d04cf6640145f5381c39193e40ba5f8 (patch) | |
tree | 49773b1b10c0ade04a8e30b94e470e22fa042d23 /lib/inets/src/http_lib/http_util.erl | |
parent | 6db8210068a55696cd5e444d40d3676737113d03 (diff) | |
download | otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.gz otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.bz2 otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.zip |
inets: Fix http content injection bug in httpc
- uri_string module used for parsing URIs.
- Removed url_encode option as only valid URIs shall be handled
by the http client.
- The client rejects URIs that are not compliant with RFC 3986.
Change-Id: I0a5b9766f6463a9802e0b02b445a2c4c91f02236
Diffstat (limited to 'lib/inets/src/http_lib/http_util.erl')
-rw-r--r-- | lib/inets/src/http_lib/http_util.erl | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl index 487d04f7aa..5577b00cc8 100644 --- a/lib/inets/src/http_lib/http_util.erl +++ b/lib/inets/src/http_lib/http_util.erl @@ -27,7 +27,8 @@ convert_month/1, is_hostname/1, timestamp/0, timeout/2, - html_encode/1 + html_encode/1, + maybe_add_brackets/2 ]). @@ -194,6 +195,24 @@ html_encode(Chars) -> lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]). +maybe_add_brackets(Addr, false) -> + Addr; +maybe_add_brackets(Addr, true) when is_list(Addr) -> + case is_ipv6_address(Addr) of + true -> + [$[|Addr] ++ "]"; + false -> + Addr + end; +maybe_add_brackets(Addr, true) when is_binary(Addr) -> + case is_ipv6_address(Addr) of + true -> + <<$[,Addr/binary,$]>>; + false -> + Addr + end. + + %%%======================================================================== %%% Internal functions %%%======================================================================== @@ -205,3 +224,14 @@ char_to_html_entity(Char, Reserved) -> false -> [Char] end. + +is_ipv6_address(Addr) when is_binary(Addr) -> + B = binary_to_list(Addr), + is_ipv6_address(B); +is_ipv6_address(Addr) when is_list(Addr) -> + case inet:parse_ipv6strict_address(Addr) of + {ok, _ } -> + true; + {error, _} -> + false + end. |
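Review bot: `maybe_add_brackets/2` is exported without a `-spec` or a comment, and its contract matters for the injection fix this commit describes: every `Addr` that is not a strict IPv6 literal, and every `Addr` when the flag is `false`, is returned unchanged, so the function validates and escapes nothing itself. I would add `-spec maybe_add_brackets(string() | binary(), boolean()) -> string() | binary().` above the first clause, together with a one-line comment such as `%% Brackets strict IPv6 literals only; Addr must already be a validated host, nothing is escaped here.` The callers are not visible in this diff, so it should be confirmed there that each of them passes a host that has already been through the `uri_string` parsing. As a smaller style point, the list and binary clauses for `true` repeat the same `case` and differ only in how the brackets are attached.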
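Review bot: The use of `inet:parse_ipv6strict_address/1` in the new `is_ipv6_address/1` looks deliberate but is not explained. The non-strict `inet:parse_ipv6_address/1` also accepts IPv4 strings and returns an IPv4-mapped address, which would make `maybe_add_brackets/2` put brackets around a plain IPv4 host. A comment above the list clause, for example `%% Strict parser on purpose: an IPv4 literal must not be classified as IPv6.`, would keep a later cleanup from swapping the call.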