diff options
author | Kirilll Zaborsky <qrilka@gmail.com> | 2015-09-24 15:19:52 +0300 |
---|---|---|
committer | Henrik Nord <henrik@erlang.org> | 2015-10-13 12:37:50 +0200 |
commit | 3b28f0d9bbc9e5745fb95e48e6daf9179461116b (patch) | |
tree | b53abb3936d8918722544fdb5c70b036214e9665 /lib/inets/src/http_lib | |
parent | 60be19014474a39d9b611ef7749bffa1f6096bc1 (diff) | |
download | otp-3b28f0d9bbc9e5745fb95e48e6daf9179461116b.tar.gz otp-3b28f0d9bbc9e5745fb95e48e6daf9179461116b.tar.bz2 otp-3b28f0d9bbc9e5745fb95e48e6daf9179461116b.zip |
inets: scheme validation fun for http_uri
http_uri:parse_scheme function should allow checking
scheme of URIs otherwise it could be easily abused to
reach limit number of atoms in the VM
Diffstat (limited to 'lib/inets/src/http_lib')
-rw-r--r-- | lib/inets/src/http_lib/http_uri.erl | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/lib/inets/src/http_lib/http_uri.erl b/lib/inets/src/http_lib/http_uri.erl index 79591eec29..6fe8c1776d 100644 --- a/lib/inets/src/http_lib/http_uri.erl +++ b/lib/inets/src/http_lib/http_uri.erl @@ -138,16 +138,33 @@ parse_scheme(AbsURI, Opts) -> {error, no_scheme} -> {error, no_scheme}; {SchemeStr, Rest} -> - Scheme = list_to_atom(http_util:to_lower(SchemeStr)), - SchemeDefaults = which_scheme_defaults(Opts), - case lists:keysearch(Scheme, 1, SchemeDefaults) of - {value, {Scheme, DefaultPort}} -> - {Scheme, DefaultPort, Rest}; - false -> - {Scheme, no_default_port, Rest} + case extract_scheme(SchemeStr, Opts) of + {error, Error} -> + {error, Error}; + {ok, Scheme} -> + SchemeDefaults = which_scheme_defaults(Opts), + case lists:keysearch(Scheme, 1, SchemeDefaults) of + {value, {Scheme, DefaultPort}} -> + {Scheme, DefaultPort, Rest}; + false -> + {Scheme, no_default_port, Rest} + end end end. +extract_scheme(Str, Opts) -> + case lists:keysearch(scheme_validation_fun, 1, Opts) of + {value, {scheme_validation_fun, Fun}} when is_function(Fun) -> + case Fun(Str) of + valid -> + {ok, list_to_atom(http_util:to_lower(Str))}; + {error, Error} -> + {error, Error} + end; + _ -> + {ok, list_to_atom(http_util:to_lower(Str))} + end. + parse_uri_rest(Scheme, DefaultPort, "//" ++ URIPart, Opts) -> {Authority, PathQueryFragment} = split_uri(URIPart, "[/?#]", {URIPart, ""}, 1, 0), |