From ed104c7ad0e488d57040c96974b8d0d022a775da Mon Sep 17 00:00:00 2001 From: Sina Samavati Date: Mon, 19 Jan 2015 20:44:57 +0330 Subject: httpc: Avoid parsing invalid 'Set-Cookie' headers Parsing invalid 'Set-Cookie' header would make httpc crash. This commit filters invalid 'Set-Cookie' headers so that httpc wouldn't try to parse them. --- lib/inets/test/httpc_SUITE.erl | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'lib/inets/test/httpc_SUITE.erl') diff --git a/lib/inets/test/httpc_SUITE.erl b/lib/inets/test/httpc_SUITE.erl index c535d59b9f..545cc3f11b 100644 --- a/lib/inets/test/httpc_SUITE.erl +++ b/lib/inets/test/httpc_SUITE.erl @@ -91,6 +91,7 @@ only_simulated() -> cookie, cookie_profile, empty_set_cookie, + invalid_set_cookie, trace, stream_once, stream_single_chunk, @@ -567,6 +568,18 @@ empty_set_cookie(Config) when is_list(Config) -> ok = httpc:set_options([{cookies, disabled}]). +%%------------------------------------------------------------------------- +invalid_set_cookie(doc) -> + ["Test ignoring invalid Set-Cookie header"]; +invalid_set_cookie(Config) when is_list(Config) -> + ok = httpc:set_options([{cookies, enabled}]), + + URL = url(group_name(Config), "/invalid_set_cookie.html", Config), + {ok, {{_,200,_}, [_|_], [_|_]}} = + httpc:request(get, {URL, []}, [], []), + + ok = httpc:set_options([{cookies, disabled}]). + %%------------------------------------------------------------------------- headers_as_is(doc) -> ["Test the option headers_as_is"]; @@ -1686,6 +1699,13 @@ handle_uri(_,"/empty_set_cookie.html",_,_,_,_) -> "Content-Length:32\r\n\r\n"++ "foobar"; +handle_uri(_,"/invalid_set_cookie.html",_,_,_,_) -> + "HTTP/1.1 200 ok\r\n" ++ + "set-cookie: =\r\n" ++ + "set-cookie: name-or-value\r\n" ++ + "Content-Length:32\r\n\r\n"++ + "foobar"; + handle_uri(_,"/missing_crlf.html",_,_,_,_) -> "HTTP/1.1 200 ok" ++ "Content-Length:32\r\n" ++ -- cgit v1.2.3