From daba7e0abe4a5642543676e966298b08dee83eb9 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Thu, 12 Apr 2018 14:24:08 +0200
Subject: inets: Gracefully handle bad headers max_headers operated on the individual header length instead of the total length of all headers. Also headers with empty keys are now discarded.
---
 lib/inets/src/http_lib/http_request.erl | 6 ++++--
 lib/inets/src/http_server/httpd_request.erl | 6 +++---
 2 files changed, 7 insertions(+), 5 deletions(-)
(limited to 'lib/inets')
diff --git a/lib/inets/src/http_lib/http_request.erl b/lib/inets/src/http_lib/http_request.erl
index f68b233e10..8ca1542164 100644
--- a/lib/inets/src/http_lib/http_request.erl
+++ b/lib/inets/src/http_lib/http_request.erl
@@ -27,10 +27,12 @@
 key_value(KeyValueStr) ->
 case lists:splitwith(fun($:) -> false; (_) -> true end, KeyValueStr) of
- {Key, [$: | Value]} ->
+ {Key, [$: | Value]} when Key =/= [] ->
 {http_util:to_lower(string:strip(Key)), string:strip(Value)};
 {_, []} ->
- undefined
+ undefined;
+ _ ->
+ undefined
 end.
 %%-------------------------------------------------------------------------
 %% headers(HeaderList, #http_request_h{}) -> #http_request_h{}
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 007d272323..e513eb8a3a 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
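Review bot: A header whose name consists only of blanks still passes the new guard in key_value/1, because `Key =/= []` is tested before `string:strip(Key)` runs. A constructed input such as `" : v"` therefore still produces a tuple with an empty key, which the commit message says should be discarded. Testing the stripped key instead closes that gap, as sketched below. With that in place the two clauses that return `undefined` can be merged into a single `_ -> undefined`.

```erlang
    case lists:splitwith(fun($:) -> false; (_) -> true end, KeyValueStr) of
        {Key, [$: | Value]} ->
            %% Test the key after stripping, so a blank-only name is
            %% dropped the same way as a missing one.
            case string:strip(Key) of
                [] ->
                    undefined;
                StrippedKey ->
                    {http_util:to_lower(StrippedKey), string:strip(Value)}
            end;
        _ ->
            undefined
    end.
```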
@@ -259,17 +259,17 @@ parse_headers(<>, Header, Headers, Current, Max,
 %% If ?CR is is missing RFC2616 section-19.3
 parse_headers(<>, Header, Headers, Current, Max,
 Options, Result);
-parse_headers(<>, Header, Headers, _, Max,
+parse_headers(<>, Header, Headers, Current, Max,
 Options, Result) ->
 case http_request:key_value(lists:reverse(Header)) of
 undefined -> %% Skip headers with missing :
 parse_headers(Rest, [Octet], Headers,
- 0, Max, Options, Result);
+ Current, Max, Options, Result);
 NewHeader ->
 case check_header(NewHeader, Options) of
 ok ->
 parse_headers(Rest, [Octet], [NewHeader | Headers],
- 0, Max, Options, Result);
+ Current, Max, Options, Result);
 {error, Reason} ->
 HttpVersion = lists:nth(3, lists:reverse(Result)),
 {error, Reason, HttpVersion}
-- cgit v1.2.3
From abd5642652c564fbcd65c77e62ccc170d737ea8a Mon Sep 17 00:00:00 2001
From: Erlang/OTP
Date: Tue, 5 Jun 2018 11:57:43 +0200
Subject: Prepare release
---
 lib/inets/doc/src/notes.xml | 21 ++++++++++++++++++++-
 lib/inets/vsn.mk | 2 +-
 2 files changed, 21 insertions(+), 2 deletions(-)
(limited to 'lib/inets')
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 672ef49c0c..a6af1e834e 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -33,7 +33,26 @@ notes.xml -
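Review bot: Nothing in this parse_headers clause records that `Current` is now a running total for the whole header section, which is the reason both recursive calls pass `Current` instead of `0`. A comment above the clause such as `%% Current counts the octets of all headers seen so far and is never reset, so Max bounds the header section as a whole (skipped headers included)` would keep a later edit from reintroducing the per-header reset. Both calls also start the next header as `[Octet]` without adding to `Current`, so the line terminator and that first octet look uncounted. If Max is meant as a strict bound, check that against the clause that increments `Current`, which lies outside the hunk. The clause heads appear on this page with their binary patterns stripped (`<>`), so the match itself cannot be checked here.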
Inets 6.5.1 +
Inets 6.5.2 + +
Fixed Bugs and Malfunctions + + +

+ inets: httpd - Gracefully handle bad headers

+

+ The option max_headers operated on the individual header + length instead of the total length of all headers. Also + headers with empty keys are now discarded.

+

+ Own Id: OTP-15092

+
+
+
+ +
+ +
Inets 6.5.1
Fixed Bugs and Malfunctions
diff --git a/lib/inets/vsn.mk b/lib/inets/vsn.mk
index 3a489357ff..9bbcd06914 100644
--- a/lib/inets/vsn.mk
+++ b/lib/inets/vsn.mk
@@ -19,6 +19,6 @@
 # %CopyrightEnd%
 APPLICATION = inets
-INETS_VSN = 6.5.1
+INETS_VSN = 6.5.2
 PRE_VSN =
 APP_VSN = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"
-- cgit v1.2.3