From 1577983b9b3883b74e3e460ed4f8f6916ffaa3a5 Mon Sep 17 00:00:00 2001 From: Micael Karlberg Date: Wed, 26 Oct 2011 12:20:29 +0200 Subject: Fixed hex-decoding. OTP-9655 --- lib/inets/src/http_lib/http_uri.erl | 33 +++++++++++++++++----- .../src/http_server/httpd_request_handler.erl | 4 +-- lib/inets/src/http_server/httpd_response.erl | 16 ++++++++--- lib/inets/src/http_server/httpd_util.erl | 2 +- lib/inets/src/inets_app/inets.appup.src | 14 +++++---- 5 files changed, 49 insertions(+), 20 deletions(-) (limited to 'lib/inets/src') diff --git a/lib/inets/src/http_lib/http_uri.erl b/lib/inets/src/http_lib/http_uri.erl index 3804af60f4..b470fd0b46 100644 --- a/lib/inets/src/http_lib/http_uri.erl +++ b/lib/inets/src/http_lib/http_uri.erl @@ -21,7 +21,8 @@ -module(http_uri). -export([parse/1]). --export([parse/1, encode/1, decode/1]). +-export([encode/1, decode/1]). + %%%========================================================================= %%% API 
@@ -45,16 +46,33 @@ encode(URI) -> $\\, $', $^, $%, $ ]), lists:append(lists:map(fun(Char) -> uri_encode(Char, Reserved) end, URI)). -decode([$%,Hex1,Hex2|Rest]) -> - [hex2dec(Hex1)*16+hex2dec(Hex2)|decode(Rest)]; -decode([First|Rest]) -> - [First|decode(Rest)]; -decode([]) -> +decode(String) -> + try + begin + do_decode(String) + end + catch + throw:{bad_hex_value, _BadChar} -> + %% The string is either badly encoded or a string + %% containing a % followed by a non-hex char. + %% In any case, return as-is since there is nothing + %% we can do... + %% Note that the valid hex-chars are: 0-9, a-f and A-F. + String + end. + +do_decode([$%,Hex1,Hex2|Rest]) -> + [hex2dec(Hex1)*16+hex2dec(Hex2)|do_decode(Rest)]; +do_decode([First|Rest]) -> + [First|do_decode(Rest)]; +do_decode([]) -> []. + %%%======================================================================== %%% Internal functions %%%======================================================================== + parse_scheme(AbsURI) -> case split_uri(AbsURI, ":", {error, no_scheme}, 1, 1) of {error, no_scheme} -> @@ -138,4 +156,5 @@ uri_encode(Char, Reserved) -> hex2dec(X) when (X>=$0) andalso (X=<$9) -> X-$0; hex2dec(X) when (X>=$A) andalso (X=<$F) -> X-$A+10; -hex2dec(X) when (X>=$a) andalso (X=<$f) -> X-$a+10. +hex2dec(X) when (X>=$a) andalso (X=<$f) -> X-$a+10; +hex2dec(X) -> throw({bad_hex_value, X}). diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl index fa832cba3f..1bf1b20b5b 100644 --- a/lib/inets/src/http_server/httpd_request_handler.erl +++ b/lib/inets/src/http_server/httpd_request_handler.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1997-2009. All Rights Reserved. +%% Copyright Ericsson AB 1997-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
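Review bot: The new `decode/1` falls back to returning `String` unchanged as soon as one escape is malformed, so valid escapes elsewhere in the same input also stay encoded and the caller gets no indication that nothing was decoded. That contract should be stated in a header comment above `decode/1`, e.g. `%% decode(String) -> String. Percent-decodes String; if a % is followed by a non-hex character the whole input is returned unchanged.`, because code that inspects or validates the decoded value may then be looking at still-encoded text. The `begin ... end` wrapper around `do_decode(String)` inside the `try` adds nothing and can be dropped.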
@@ -343,7 +343,7 @@ handle_http_msg({Method, Uri, Version, {RecordHeaders, Headers}, Body}, Reason = io_lib:format("Forbidden URI: ~p~n", [URI]), error_log(Reason, ModData), {stop, normal, State#state{response_sent = true}}; - {error,{bad_request, {malformed_syntax, URI}}} -> + {error, {bad_request, {malformed_syntax, URI}}} -> ?hdrd("validation failed: bad request - malformed syntax", [{uri, URI}]), httpd_response:send_status(ModData#mod{http_version = Version}, diff --git a/lib/inets/src/http_server/httpd_response.erl b/lib/inets/src/http_server/httpd_response.erl index ea9cfbf4f2..1301f27081 100644 --- a/lib/inets/src/http_server/httpd_response.erl +++ b/lib/inets/src/http_server/httpd_response.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1997-2009. All Rights Reserved. +%% Copyright Ericsson AB 1997-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -100,12 +100,19 @@ send_status(#mod{socket_type = SocketType, socket = Socket, config_db = ConfigDB} = ModData, StatusCode, PhraseArgs) -> + ?hdrd("send status", [{status_code, StatusCode}, + {phrase_args, PhraseArgs}]), + ReasonPhrase = httpd_util:reason_phrase(StatusCode), Message = httpd_util:message(StatusCode, PhraseArgs, ConfigDB), Body = get_body(ReasonPhrase, Message), - send_header(ModData, StatusCode, [{content_type, "text/html"}, - {content_length, integer_to_list(length(Body))}]), + ?hdrt("send status - header", [{reason_phrase, ReasonPhrase}, + {message, Message}]), + send_header(ModData, StatusCode, + [{content_type, "text/html"}, + {content_length, integer_to_list(length(Body))}]), + httpd_socket:deliver(SocketType, Socket, Body). 
@@ -345,8 +352,9 @@ transform({Field, Value}) when is_list(Field) -> %% Leave this method and go on to the newer form of response %% OTP-4408 %%---------------------------------------------------------------------- -send_response_old(#mod{method = "HEAD"} = ModData, +send_response_old(#mod{method = "HEAD"} = ModData, StatusCode, Response) -> + NewResponse = lists:flatten(Response), case httpd_util:split(NewResponse, [?CR, ?LF, ?CR, ?LF],2) of diff --git a/lib/inets/src/http_server/httpd_util.erl b/lib/inets/src/http_server/httpd_util.erl index 2e0752bcc0..366843354e 100644 --- a/lib/inets/src/http_server/httpd_util.erl +++ b/lib/inets/src/http_server/httpd_util.erl @@ -183,7 +183,7 @@ message(400, none, _) -> "Your browser sent a query that this server could not understand. "; message(400, Msg, _) -> "Your browser sent a query that this server could not understand. " ++ - html_encode(http_uri:decode(Msg)); + html_encode(Msg); message(401, none, _) -> "This server could not verify that you are authorized to access the document you diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src index ea696b9155..528a3601a4 100644 --- a/lib/inets/src/inets_app/inets.appup.src +++ b/lib/inets/src/inets_app/inets.appup.src @@ -20,9 +20,10 @@ [ {"5.3.5", [ - {load_module, http_util, soft_purge, soft_purge, []}, - {load_module, httpd_util, soft_purge, soft_purge, [http_util]}, - {load_module, httpd_file, soft_purge, soft_purge, []} + {load_module, http_util, soft_purge, soft_purge, []}, + {load_module, httpd_util, soft_purge, soft_purge, [http_util]}, + {load_module, httpd_file, soft_purge, soft_purge, []}, + {load_module, httpd_response, soft_purge, soft_purge, []} ] }, {"5.3.4", 
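Review bot: In the `message(400, Msg, _)` clause, `html_encode(Msg)` is now the only transformation applied to `Msg` before it is placed in the error page, and nothing in the clause says why the URI decoding was dropped. If `Msg` is request-derived (the `malformed_syntax` branch in httpd_request_handler.erl suggests it carries the URI), a short comment would keep a later change from re-adding the decode or removing the escaping: `%% Msg comes from the request and is shown still percent-encoded; html_encode/1 is the only escaping applied before it reaches the HTML body.` The other clauses of `message/3` lie outside the hunk.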
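Review bot: The `"5.3.5"` instruction list gains `httpd_response` but not `http_uri`, although this commit changes `http_uri:decode/1` and `hex2dec/1`. Unless `http_uri` is handled somewhere outside these hunks, a release upgrade from 5.3.5 would keep running the old `decode/1` until the node restarts; adding `{load_module, http_uri, soft_purge, soft_purge, []}` to the list would cover it. The same applies to the second `"5.3.5"` list in the following hunk (`@@ -54,9 +55,10 @@`).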
@@ -54,9 +55,10 @@ [ {"5.3.5", [ - {load_module, http_util, soft_purge, soft_purge, []}, - {load_module, httpd_util, soft_purge, soft_purge, [http_util]}, - {load_module, httpd_file, soft_purge, soft_purge, []} + {load_module, http_util, soft_purge, soft_purge, []}, + {load_module, httpd_util, soft_purge, soft_purge, [http_util]}, + {load_module, httpd_file, soft_purge, soft_purge, []}, + {load_module, httpd_response, soft_purge, soft_purge, []} ] }, {"5.3.4", -- cgit v1.2.3