diff options
author | Ingela Anderton Andin <[email protected]> | 2018-04-12 14:24:08 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-05-22 18:07:50 +0200 |
commit | daba7e0abe4a5642543676e966298b08dee83eb9 (patch) | |
tree | 244a35a9694091b697b257a1fe915cca89fcf116 /lib | |
parent | 40ab3958644be3fc14682c54233514fdf880386a (diff) | |
download | otp-daba7e0abe4a5642543676e966298b08dee83eb9.tar.gz otp-daba7e0abe4a5642543676e966298b08dee83eb9.tar.bz2 otp-daba7e0abe4a5642543676e966298b08dee83eb9.zip |
inets: Gracefully handle bad headers
max_headers operated on the individual header length instead of
the total length of all headers. Also headers with empty keys are
now discarded.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/inets/src/http_lib/http_request.erl | 6 | ||||
-rw-r--r-- | lib/inets/src/http_server/httpd_request.erl | 6 |
2 files changed, 7 insertions, 5 deletions
diff --git a/lib/inets/src/http_lib/http_request.erl b/lib/inets/src/http_lib/http_request.erl index f68b233e10..8ca1542164 100644 --- a/lib/inets/src/http_lib/http_request.erl +++ b/lib/inets/src/http_lib/http_request.erl @@ -27,10 +27,12 @@ key_value(KeyValueStr) -> case lists:splitwith(fun($:) -> false; (_) -> true end, KeyValueStr) of - {Key, [$: | Value]} -> + {Key, [$: | Value]} when Key =/= [] -> {http_util:to_lower(string:strip(Key)), string:strip(Value)}; {_, []} -> - undefined + undefined; + _ -> + undefined end. %%------------------------------------------------------------------------- %% headers(HeaderList, #http_request_h{}) -> #http_request_h{} diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl index 007d272323..e513eb8a3a 100644 --- a/lib/inets/src/http_server/httpd_request.erl +++ b/lib/inets/src/http_server/httpd_request.erl @@ -259,17 +259,17 @@ parse_headers(<<?LF, Octet, Rest/binary>>, Header, Headers, Current, Max, %% If ?CR is is missing RFC2616 section-19.3 parse_headers(<<?CR,?LF, Octet, Rest/binary>>, Header, Headers, Current, Max, Options, Result); -parse_headers(<<?CR,?LF, Octet, Rest/binary>>, Header, Headers, _, Max, +parse_headers(<<?CR,?LF, Octet, Rest/binary>>, Header, Headers, Current, Max, Options, Result) -> case http_request:key_value(lists:reverse(Header)) of undefined -> %% Skip headers with missing : parse_headers(Rest, [Octet], Headers, - 0, Max, Options, Result); + Current, Max, Options, Result); NewHeader -> case check_header(NewHeader, Options) of ok -> parse_headers(Rest, [Octet], [NewHeader | Headers], - 0, Max, Options, Result); + Current, Max, Options, Result); {error, Reason} -> HttpVersion = lists:nth(3, lists:reverse(Result)), {error, Reason, HttpVersion} |