Reject whitespace before/after HTTP/1.1 header names properly

2025-07-14 12:20:24 +00:00 · 2017-11-29 18:01:16 +01:00 · 2017-11-29 18:01:16 +01:00 · aea172857f
commit aea172857f
parent bec9a43d50
1 changed files with 5 additions and 10 deletions
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@ -490,19 +490,14 @@ parse_hd_name(<< $:, Rest/bits >>, State, H, SoFar) ->
 parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, <<>>) when ?IS_WS(C) ->
 	error_terminate(400, State#state{in_state=PS#ps_header{headers=H}},
 		{connection_error, protocol_error,
-			'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2)'});
+			'Whitespace is not allowed before the header name. (RFC7230 3.2)'});
-parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) when ?IS_WS(C) ->
+parse_hd_name(<< C, _/bits >>, State=#state{in_state=PS}, H, _) when ?IS_WS(C) ->
-	parse_hd_name_ws(Rest, State, H, SoFar);
+	error_terminate(400, State#state{in_state=PS#ps_header{headers=H}},
 		{connection_error, protocol_error,
 			'Whitespace is not allowed between the header name and the colon. (RFC7230 3.2.4)'});
 parse_hd_name(<< C, Rest/bits >>, State, H, SoFar) ->
 	?LOWER(parse_hd_name, Rest, State, H, SoFar).
 parse_hd_name_ws(<< C, Rest/bits >>, S, H, Name) ->
 	case C of
 		$\s -> parse_hd_name_ws(Rest, S, H, Name);
 		$\t -> parse_hd_name_ws(Rest, S, H, Name);
 		$: -> parse_hd_before_value(Rest, S, H, Name)
 	end.
 parse_hd_before_value(<< $\s, Rest/bits >>, S, H, N) ->
 	parse_hd_before_value(Rest, S, H, N);
 parse_hd_before_value(<< $\t, Rest/bits >>, S, H, N) ->