aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_lib
diff options
context:
space:
mode:
authorKirilll Zaborsky <qrilka@gmail.com>2015-09-24 15:19:52 +0300
committerHenrik Nord <henrik@erlang.org>2015-10-13 12:37:50 +0200
commit3b28f0d9bbc9e5745fb95e48e6daf9179461116b (patch)
treeb53abb3936d8918722544fdb5c70b036214e9665 /lib/inets/src/http_lib
parent60be19014474a39d9b611ef7749bffa1f6096bc1 (diff)
downloadotp-3b28f0d9bbc9e5745fb95e48e6daf9179461116b.tar.gz
otp-3b28f0d9bbc9e5745fb95e48e6daf9179461116b.tar.bz2
otp-3b28f0d9bbc9e5745fb95e48e6daf9179461116b.zip
inets: scheme validation fun for http_uri
http_uri:parse_scheme function should allow checking scheme of URIs otherwise it could be easily abused to reach limit number of atoms in the VM
Diffstat (limited to 'lib/inets/src/http_lib')
-rw-r--r--lib/inets/src/http_lib/http_uri.erl31
1 files changed, 24 insertions, 7 deletions
diff --git a/lib/inets/src/http_lib/http_uri.erl b/lib/inets/src/http_lib/http_uri.erl
index 79591eec29..6fe8c1776d 100644
--- a/lib/inets/src/http_lib/http_uri.erl
+++ b/lib/inets/src/http_lib/http_uri.erl
@@ -138,16 +138,33 @@ parse_scheme(AbsURI, Opts) ->
{error, no_scheme} ->
{error, no_scheme};
{SchemeStr, Rest} ->
- Scheme = list_to_atom(http_util:to_lower(SchemeStr)),
- SchemeDefaults = which_scheme_defaults(Opts),
- case lists:keysearch(Scheme, 1, SchemeDefaults) of
- {value, {Scheme, DefaultPort}} ->
- {Scheme, DefaultPort, Rest};
- false ->
- {Scheme, no_default_port, Rest}
+ case extract_scheme(SchemeStr, Opts) of
+ {error, Error} ->
+ {error, Error};
+ {ok, Scheme} ->
+ SchemeDefaults = which_scheme_defaults(Opts),
+ case lists:keysearch(Scheme, 1, SchemeDefaults) of
+ {value, {Scheme, DefaultPort}} ->
+ {Scheme, DefaultPort, Rest};
+ false ->
+ {Scheme, no_default_port, Rest}
+ end
end
end.
+extract_scheme(Str, Opts) ->
+ case lists:keysearch(scheme_validation_fun, 1, Opts) of
+ {value, {scheme_validation_fun, Fun}} when is_function(Fun) ->
+ case Fun(Str) of
+ valid ->
+ {ok, list_to_atom(http_util:to_lower(Str))};
+ {error, Error} ->
+ {error, Error}
+ end;
+ _ ->
+ {ok, list_to_atom(http_util:to_lower(Str))}
+ end.
+
parse_uri_rest(Scheme, DefaultPort, "//" ++ URIPart, Opts) ->
{Authority, PathQueryFragment} =
split_uri(URIPart, "[/?#]", {URIPart, ""}, 1, 0),