inets: Fix http content injection bug in httpc

- uri_string module used for parsing URIs. - Removed url_encode option as only valid URIs shall be handled by the http client. - The client rejects URIs that are not compliant with RFC 3986. Change-Id: I0a5b9766f6463a9802e0b02b445a2c4c91f02236
author: Péter Dimitrov <[email protected]> 2017-11-01 13:05:22 +0100
committer: Péter Dimitrov <[email protected]> 2017-11-15 16:26:58 +0100
commit: 7d6d272b7d04cf6640145f5381c39193e40ba5f8 (patch)
tree: 49773b1b10c0ade04a8e30b94e470e22fa042d23 /lib/inets/src/http_lib/http_util.erl
parent: 6db8210068a55696cd5e444d40d3676737113d03 (diff)
download: otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.gz
otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.bz2
otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.zip
1 files changed, 31 insertions, 1 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index 487d04f7aa..5577b00cc8 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -27,7 +27,8 @@
 	 convert_month/1, 
 	 is_hostname/1,
 	 timestamp/0, timeout/2,
-	 html_encode/1
+	 html_encode/1,
+	 maybe_add_brackets/2
 	]).
 
 
@@ -194,6 +195,24 @@ html_encode(Chars) ->
     lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
 
 
+maybe_add_brackets(Addr, false) ->
+    Addr;
+maybe_add_brackets(Addr, true) when is_list(Addr) ->
+    case is_ipv6_address(Addr) of
+        true ->
+            [$[|Addr] ++ "]";
+        false ->
+            Addr
+    end;
+maybe_add_brackets(Addr, true) when is_binary(Addr) ->
+    case is_ipv6_address(Addr) of
+        true ->
+            <<$[,Addr/binary,$]>>;
+        false ->
+            Addr
+    end.
+
+
 %%%========================================================================
 %%% Internal functions
 %%%========================================================================
@@ -205,3 +224,14 @@ char_to_html_entity(Char, Reserved) ->
 	false ->
 	    [Char]
     end.
+
+is_ipv6_address(Addr) when is_binary(Addr) ->
+    B = binary_to_list(Addr),
+    is_ipv6_address(B);
+is_ipv6_address(Addr) when is_list(Addr) ->
+    case inet:parse_ipv6strict_address(Addr) of
+        {ok, _ } ->
+            true;
+        {error, _} ->
+            false
+    end.
author	Péter Dimitrov <[email protected]>	2017-11-01 13:05:22 +0100
committer	Péter Dimitrov <[email protected]>	2017-11-15 16:26:58 +0100
commit	7d6d272b7d04cf6640145f5381c39193e40ba5f8 (patch)
tree	49773b1b10c0ade04a8e30b94e470e22fa042d23 /lib/inets/src/http_lib/http_util.erl
parent	6db8210068a55696cd5e444d40d3676737113d03 (diff)
download	otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.gz otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.bz2 otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.zip