mirror of
https://github.com/ninenines/cowboy.git
synced 2025-07-14 12:20:24 +00:00
Limit the number of empty lines to allow before the request-line.
Defaults to 5. Prevents someone from indefinitely sending empty lines.
This commit is contained in:
Loïc Hoguin
parent
c79df567be
commit
6ec20b736e
2 changed files with 10 additions and 3 deletions
|
|
@ -24,6 +24,8 @@
|
||||||
transport :: module(),
|
transport :: module(),
|
||||||
dispatch :: dispatch(),
|
dispatch :: dispatch(),
|
||||||
handler :: {Handler::module(), Opts::term()},
|
handler :: {Handler::module(), Opts::term()},
|
||||||
|
req_empty_lines = 0 :: integer(),
|
||||||
|
max_empty_lines :: integer(),
|
||||||
timeout :: timeout(),
|
timeout :: timeout(),
|
||||||
connection = keepalive :: keepalive | close
|
connection = keepalive :: keepalive | close
|
||||||
}).
|
}).
|
||||||
|
|
@ -41,9 +43,10 @@ start_link(Socket, Transport, Opts) ->
|
||||||
-spec init(Socket::socket(), Transport::module(), Opts::term()) -> ok.
|
-spec init(Socket::socket(), Transport::module(), Opts::term()) -> ok.
|
||||||
init(Socket, Transport, Opts) ->
|
init(Socket, Transport, Opts) ->
|
||||||
Dispatch = proplists:get_value(dispatch, Opts, []),
|
Dispatch = proplists:get_value(dispatch, Opts, []),
|
||||||
|
MaxEmptyLines = proplists:get_value(max_empty_lines, Opts, 5),
|
||||||
Timeout = proplists:get_value(timeout, Opts, 5000),
|
Timeout = proplists:get_value(timeout, Opts, 5000),
|
||||||
wait_request(#state{socket=Socket, transport=Transport,
|
wait_request(#state{socket=Socket, transport=Transport,
|
||||||
dispatch=Dispatch, timeout=Timeout}).
|
dispatch=Dispatch, max_empty_lines=MaxEmptyLines, timeout=Timeout}).
|
||||||
|
|
||||||
-spec wait_request(State::#state{}) -> ok.
|
-spec wait_request(State::#state{}) -> ok.
|
||||||
wait_request(State=#state{socket=Socket, transport=Transport, timeout=T}) ->
|
wait_request(State=#state{socket=Socket, transport=Transport, timeout=T}) ->
|
||||||
|
|
@ -78,8 +81,11 @@ request({http_request, Method, '*', Version},
|
||||||
State#state{connection=ConnAtom});
|
State#state{connection=ConnAtom});
|
||||||
request({http_request, _Method, _URI, _Version}, State) ->
|
request({http_request, _Method, _URI, _Version}, State) ->
|
||||||
error_terminate(501, State);
|
error_terminate(501, State);
|
||||||
request({http_error, "\r\n"}, State) ->
|
request({http_error, "\r\n"},
|
||||||
wait_request(State);
|
State=#state{req_empty_lines=N, max_empty_lines=N}) ->
|
||||||
|
error_terminate(400, State);
|
||||||
|
request({http_error, "\r\n"}, State=#state{req_empty_lines=N}) ->
|
||||||
|
wait_request(State#state{req_empty_lines=N + 1});
|
||||||
request({http_error, _Any}, State) ->
|
request({http_error, _Any}, State) ->
|
||||||
error_terminate(400, State).
|
error_terminate(400, State).
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -98,6 +98,7 @@ raw(Config) ->
|
||||||
Tests = [
|
Tests = [
|
||||||
{"\r\n\r\n\r\n\r\n\r\nGET / HTTP/1.1\r\nHost: localhost\r\n\r\n", 200},
|
{"\r\n\r\n\r\n\r\n\r\nGET / HTTP/1.1\r\nHost: localhost\r\n\r\n", 200},
|
||||||
{"Garbage\r\n\r\n", 400},
|
{"Garbage\r\n\r\n", 400},
|
||||||
|
{"\r\n\r\n\r\n\r\n\r\n\r\n", 400},
|
||||||
{"GET / HTTP/1.1\r\nHost: dev-extend.eu\r\n\r\n", 400},
|
{"GET / HTTP/1.1\r\nHost: dev-extend.eu\r\n\r\n", 400},
|
||||||
{"", 408},
|
{"", 408},
|
||||||
{"\r\n", 408},
|
{"\r\n", 408},
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue